Tough Love in Compliance and Breach Liability

News August 10, 2009 • Issue 09:08:01 Industry Update ...... 14 Visa consolidates, restructures ...... 50 Cabbies roll with VeriFone terminals ...... 50 Tough love in compliance Negotiating the wireless security mineﬁ eld ...... 51 and breach liability SPVA broadens membership base with global players ...... 52

Features

AgenTalkSM: Esteban Marin The working smart MLS ...... 34 SellingPrepaid: Prepaid in brief ...... 40 Financial storm perfect for prepaid? ...... 42 Keeping patients sticky...... 43 Triumphs and travails of kiosk deployments ...... 44 Trade Association News: MWAA raises the conference bar year by year ...... 54 Embry enters payment hall of fame ...... 55 ControlScan extends involvement with ETA ...... 55

Views

Community counts By Biff Matthews CardWare International ...... 26 Consumers love rewards, why don't sales reps? onsumers with credit cards have long been afforded the most crucial of By Lori Breitzke, VeriFone ...... 30 all protections: immunity from fraud liability. When card data is stolen – no matter how it happens – all charges that follow are someone else's Education C to pay. Street SmartsSM Fraud liability has to fall somewhere, of course, and while some say the fraud- The proper approach to MLS hunting sters themselves (those who get caught) should contribute, typically they are By Jon Perry and Vanessa Lang punished with civic fines and jail time, not restitution. 888QuikRate.com ...... 68 Rather, that cost is placed squarely on the occupants of the payment chain, one Seven reasons to avoid exclusivity or more ill-fated parties saddled with the byproduct of someone else's mischief. By Adam Atlas, Attorney at Law ...... 74 Yet, it varies precisely how those costs are apportioned, a task that can be a A case for case histories tricky business – especially when blame is difficult to find. By Nancy Drexler, SignaPay Ltd...... 78 The MLS opportunity In the words of Rick Fischer, a Washington, D.C., lawyer who specializes in data By Christian Murray theft and Payment Card Industry (PCI) Data Security Standard (DSS) compli- Global eTelecom Inc...... 80 ance, the process of placing liability for data breaches is one of "rough justice." Call reluctance: Diagnose it and treat it "Someone asked me one time if the fines and the notice requirements were fair," By Jeff Fortney, Clearent LLC ...... 82 Fischer said. "And I said, 'you know what would be fair in these circumstances? Digging into PCI: Part 1 – Securing the network It would be fair if the hackers and the identity thieves give notice to the consum- By Tim Cranny, Panoptic Security Inc...... 86 ers and pay the fees – that would be fair.' But that's not going to happen."

Continued on page 3 See Breach liability page 59

AdvisoryBoard NotableQuote » Tony Abruzzio–Global Payments Inc. » John Arato–MagTek Inc. Remember, you can only control » Adam Atlas–Attorney at Law your actions, not those of other » Clinton Baller–PayNet Merchant Services Inc. people. No matter what you say » Audrey Blackmon–TASQ Technology or do, you cannot force someone » Sam Chanin–Tribul Merchant Services to say yes. That is the individual's choice, not yours. If you do your » Steve Christianson–AAmonte Bankcard part well, and your prospect says » Steve Eazell–Secure Payment Systems Inc. no, that is a successful call. » Peter Estep–National Bankcard Systems Inc. » W. Ross Federgreen–CSRSI See story on page 82 » Jim Fink–EVO Merchant Services » Kim Fitzsimmons–First Data Merchant Services » Ed Freedman–Total Merchant Services » Marc Gardner–North American Bancard Inside this issue: » Russ Goebel–Quantus Health Solutions LLC CONTINUED » Matt Golis–YapStone Inc. » Alex Goretsky–USA ePay Company Proﬁ les » Curt Hensley–CSH Consulting » Jared Isaacman–United Bank Card Inc. First National Merchant Solutions » Kevin Jones–First American Payment Systems » Jerry Julien–Equity Commerce LP A right-sized acquirer ...... 47 » Lazaros Kalemis–Alpha Card Services Inc. New Products » Dee Karawadra–Impact PaySystem » Rod R. Katzfey–Comdata Processing Systems Inc. Advertise for free processing ...... 89 » Allen Kopelman–Nationwide Payment Systems Inc. Purchasing made easy and secure ...... 90 » Mitch Lau–Money Tree Merchant Services » Mitch Levy–Merchant Cash and Capital Inspiration » Dan Lewis–AmeriBanc National Ltd. » Douglas Mack–Payex As in work, so in life ...... 92 » Paul Martaus–Martaus & Assoc. » Biff Matthews–CardWare International Departments » David McMackin–AmericaOne Payment Systems Inc. » Tim McWeeney–WAY Systems Inc. Forum ...... 5 » Patti Murphy–The Takoma Group Datebook...... 94 » Michael Nardy–Electronic Payments Inc. (EPI) » Joseph Natoli–NPC Resource Guide ...... 96 » Steve Norell–US Merchant Services » Garry O'Neil–Electronic Exchange Systems Advertiser Index ...... 110 » Bulent Ozayaz–VeriFone Miscellaneous » Marcelo Paladini–Cynergy Data » Michael Petitti–Trustwave QSGS: Quick Summary Green Sheet ...... 8 » Bill Pittman–SoundPOS LLC. » David Press–Integrity Bankcard Consultants Inc. Bottom Lines ...... 14 » Steve Rizzuto–TransFirst » Charles W. Salyer–Ladco Leasing Inc. 10 years ago in The Green Sheet ...... 64 » Jeffrey I. Shavitz–Charge Card Systems Inc. Water Cooler Wisdom ...... 92 » Lisa Shipley–Ingenico North America » Rick Slifka–Exec-Links LLC Calendar ...... 95 » Dave Siembieda–CrossCheck Inc. » Ted Svoronos–Group ISO » Scott Wagner–GO Direct Merchant Services Inc. » Matt Whitaker–Smart Payment Solutions » Dan D. Wolfe–Teledraft Inc. » Sam Zeitz–American Bancard LLC 4

President and CEO: Paul H. Green ...... [email protected] General Manager and Chief Operating Ofﬁ cer: Kate Gillespie ...... [email protected] CFO/Vice President Human Resources & Accounting: Brandee Cummins ...... [email protected] Managing Editor: Laura McHale Holland ...... [email protected] Senior Editor: Patti Murphy ...... [email protected] Senior Staff Writer: Dan Watkins ...... [email protected] Staff Writers: Michael Miller...... [email protected] Joe Rosenheim ...... [email protected] Ann Wilkes ...... [email protected] Asst. VP of Production, Art Director: Troy Vera...... [email protected] Production: Lewis Kimble, Production Manager ...... [email protected] Asst. VP of Advertising Sales: Danielle Thorpe ...... [email protected] National Advertising Sales Manager: Rita Francis ...... [email protected] Advertising: Kat Doherty, Advertising Coordinator ...... [email protected] Circulation: Vicki Keith, Circulation Assistant ...... [email protected] Correspondence: The Green Sheet, Inc. 800-757-4441 • Fax: 707-586-4747 6145 State Farm Drive, Rohnert Park, CA 94928 Send questions, comments and feedback to ...... [email protected] Send press releases to ...... [email protected] NOTE – Please do not send PDF versions of press releases. Print Production: Hudson Printing Company Contributing Writers: Adam Atlas ...... [email protected] Lori Breitzke ...... [email protected] Tim Cranny ...... [email protected] Nancy Drexler ...... [email protected] Jeff Fortney ...... [email protected] Vanessa Lang ...... [email protected] Biff Matthews ...... [email protected] Christian Murray ...... [email protected] Jon Perry ...... [email protected]

The Green Sheet (ISSN 1549-9421) is published semi-monthly by The Green Sheet Inc., 6145 State Farm Dr., Rohnert Park CA 94928. Subscription is FREE to participants in the payment processing industry, an annual subscription includes 24 issues of The Green Sheet and 4 issues of GSQ. To subscribe, visit www.greensheet.com. POSTMASTER: send address changes to The Green Sheet Inc., 6145 State Farm Dr., Rohnert Park CA 94928. Any questions regarding information contained in The Green Sheet should be directed to the Editor in Chief at [email protected]. Editorial opinions and recommendations are solely those of the Editor in Chief. In publishing The Green Sheet, neither the authors nor the publisher are engaged in rendering legal, accounting, or other professional services. If legal advice or other expert assistance is required, the services of a competent professional should be sought. The Resource Guide is paid classiﬁ ed advertising. The Green Sheet is not responsible for, and does not recommend or endorse any product or service. Advertisers and advertising agencies agree to indemnify and hold the publisher harmless from any claims, damage, or expense resulting from printing or publishing of any advertisement.

Farewell to a payment champion merchant has a plain text file on his server containing thousands of tokens. Another merchant has a plain text file on his server contain- The payments industry lost a groundbreaker on July 17, ing thousands of fully encrypted card numbers (for this example, 2009, when Paul William Noblett Jr. passed away. Noblett the encryption doesn't really matter; it could be any strong cipher thrived on challenges and was instrumental in the growth or hidden TDES [Triple Data Encryption Standard]), and further of National Bancard Corp. (NaBanco), which is now First assume the encryption keys are secured in a Tamper Resistant Data Corp. Security Module (TRSM) that has not been compromised.

A decorated veteran of the U.S. Army, he began his career in Both merchants get hacked and the files are stolen. Again assume the industry by leading an intricate payroll automation project TRSM has not been compromised; only the text files were stolen. for the Army Finance Corp. The first is not considered a breach because true tokens do not contain cardholder data in any form, whereas the second is con- Noblett joined NaBanco in 1979, leading the company as sidered a breach because even though the card data is encrypted, operations manager through significant growth and acqui- it does contain cardholder data, and it has the potential of being sitions of several bank merchant portfolios. From 1983 decrypted. to 1989, he worked for MasterCard International (now MasterCard Worldwide) where he oversaw, among other There are big differences between tokenization and end-to-end things, the deployment of Banknet, MasterCard's first global encryption. Both have their strengths and weaknesses. I obviously processing network. He then returned to NaBanco, which have a bias for tokenization solutions; others have a bias for end- soon became one of the nation's largest acquirers. to-end encryption models. To me, the strongest solution would be a hybrid solution using an encrypted card reader feeding a tokeni- In 1992, Noblett formed his own consulting firm, Noblett & zation solution. This would give you the strengths of both. Associates Consulting LLC. Mike McCormack, an Associate in the firm, said, "One of the things he specialized in was Steve Sommers helping small and emerging ISOs and various technology Shift4 Corp. companies in the acquiring space move up to the next level. … Paul's legacy is one of bringing a very optimistic, proac- Steve, tive, enthusiastic perspective to things." Thank you for taking the time to send us this explanation. We strive for accuracy in all that we publish, but sometimes we don't get it The real story on tokenization quite right. We will use your white paper as a resource when writ- ing about this topic in the future. Your cover story, "Diverse perspectives on end-to-end encryption," dated May 25, 2009, states on page 63: One option, Editor known as tokenization, is simply the use of a single, common encryption key by different parties up and down networks. It is considered by many to be a relatively uncomplicated way to avoid When will my news appear? decrypting data when it's transferred, since each handler is privy to the original encryption formula. If I submit a press release to you containing relevant industry news, when will it be posted? And will you let me know once it's done? This is an incorrect statement as it is describing encryption, not tokenization. As the person that coined the phrase tokenization Mary Hebert as it is applied to payments, I urge you and your readers to read Ometz Payments Ltd.. my 2008 white paper "Tokenization in Depth" – at www.shift4. com/pdf/s4-wp0806_tokenization-in-depth.pdf. Mary,

This white paper clearly defines that a token is not encrypted data; We typically post press releases pertaining to the payments indus- instead a token is simply a reference key to other data, in this case try on the same day we receive them, but we do not notify parties sensitive cardholder data. who send us releases when they are posted. When your release is ready, send it to [email protected], and check News From Tokens, by definition, are not decryptable. The author of the article The Wire on the left-hand side of our home page later in the day is describing a problem with one form of end-to-end encryption. to see if it's been posted. If you do not see your news there, it's just fine to send us a follow-up e-mail. I guess the best way to distinguish the difference between an encryption solution and a tokenization solution is by example: One Editor

A quick summary of key articles in this issue to help keep you up-to-date on the latest news and hot topics in the payments industry.

1 34 Cover Story Feature Tough love in compliance The working smart MLS and breach liability Esteban Marin, President of Merchant Services of Sunrise, Fraud and breach liability for stolen card data fall squarely knows the secret of success for merchant level salespeople on the different parties of the payment chain. Yet, it varies (MLSs) in the payments industry: residuals. Of course, you precisely how those costs are apportioned, and the task of have to work hard to build them up. Then you have to assigning blame can be tricky. This article explores the diffi- work to keep them up. But, as Marin knows firsthand, the cult burdens of breach liability and Payment Card Industry residuals from a well maintained portfolio can be extremely (PCI) Data Security Standard (DSS) compliance. rewarding.

26 43 View Feature Community counts Keeping patients sticky Malcolm Gladwell's best seller, Outliers, opines that all As payment ecosystems go, the health care marketplace is highly successful people have benefited from "a community perhaps the most complex. To advance electronic payments around them that prepared them properly for the world." in this arena, insurers, health care and merchant service But community is not only important for what it does for providers, financial institutions and consumers must all be us, but also for how we return the favor. on board.

30 50 View News Consumers love rewards, Visa consolidates, restructures why don't sales reps? Visa Inc. is reorganizing its executive management team to A recent survey conducted for Colloquy magazine found heighten the effectiveness of its global operations. As part that despite the recession, "over two-thirds of all U.S. con- of the restructuring, various departments will be consoli- sumers report they still participate actively in at least one dated and the company's president will step down. The reward program." But does that apply to the world of sales, move begs the question: What is Visa's motive? where commissions and quotas have long ruled the day? You might be surprised.

QSGS

51 68 News Education Negotiating the wireless Street SmartsSM: The proper security minefield approach to MLS hunting In July 2009, the Wireless Special Interest Group published There is a moment in the life of an ISO or MLS when you an information supplement on how the PCI DSS applies to just can't put any more deals through unless you start to wireless retail environments and what practical methods work overtime. That means it's time to hire your first sales and concepts should be implemented to secure wireless representative. This article examines the pitfalls brought on devices in those environments. by poor judgment in the hiring process.

54 74 Feature Education MWAA, raising the Seven reasons to conference bar year by year avoid exclusivity Satisfaction was in the air as the Midwest Acquirers Whether you are a processor, ISO or MLS, an exclusive Association's seventh annual conference came to a close relationship can be a recipe for stress – or even ruin – down July 24, 2009, at what the Chicago Tribune rated the "coolest" the line. This article summarizes some of the reasons to Chicago suburban hotel. This article looks back at an event- avoid getting into exclusive relationships in the payments ful week of shows, speeches, exhibits and awards. industry. 12

QSGS

78 Education A case for case histories Let's face it. All ISOs provide similar products and services in much the same way – and at comparable prices. At the end of the day, differentiating ourselves to end users is not easy. That's where marketing comes in. To maximize our companies' differentiation and awareness, we continually rack our brains for new or different ways to set ourselves apart.

82 Education Call reluctance: Diagnose it and treat it There is no doubt the economy has affected our industry: More merchants are closing than opening today, and the differential is quite large in some states. But are we using the economy as a scapegoat for poor performance? Could we be facing the dreaded disease called call reluctance?

86 Education Digging into PCI: Part 1 – Securing the network As the first installment of a 12-part series that drills down on each of the 12 core requirements of the PCI DSS, this article explores issues, challenges and solutions relating to requirement 1 – which is one of the most technically complicated and demanding sections of the PCI DSS.

92 Inspiration As in work, so in life When MLSs give two weeks notice on the job, it's nothing like facing death, but it is a life change. Imagine you have given notice and are leaving your present employer on good terms. How should you spend your last days with the company, the one that has helped you learn and grow into an exceptional employee, salesperson and leader?

14 IndustryUpdate Proudly sponsored by

NEWS Web sites purporting to be secure with the green badge have been determined to be vulnerable. The research Online bill pay on the rise showed that a common Web browser design flaw is to blame. This flaw can be turned on the Web site owners Online bill payment service Billeo Inc. has studied how in two ways: consumers pay bills and shop online. Its 2008 survey revealed that two-thirds of e-commerce consumers pay • SSL rebinding, in which a rogue MITM server uses a at least one monthly bill with a credit or debit card. combination of SSL certificates to manipulate client behavior, bypassing security "The most important thing we glean from this study is • EV cache poisoning, in which cached content of an that a growing number of consumers are not only more EV SSL-protected site is persistently poisoned with- comfortable doing a variety of transactions online, but out the victim physically browsing the site they prefer it," said Murali Subbarao, founder and Chief Executive Officer of Billeo. Mike Zusman, Principal Consultant for Intrepidus Group, and Alex Stoirov, an Independent Security Further results included these statistics about consum- Researcher, presented their findings at the Black Hat ers who pay bills and shop online: USA 2009 Briefing & Training conference on July 30, 2009, in Las Vegas. • Seventy-five percent save electronic transaction receipts. "Our research shows that the green glow [the sign of • Over 50 percent never pay late fees. secure connection] can be misleading and provide a • More than 31 percent are baby boomers, with more false sense of security," said Rohyt Belani, CEO for than 58 percent over 45 years old. Intrepidus Group. "Employees and customers should be • Over 56 percent have attended college, with more provided a holistic perspective on phishing to best train than half possessing a graduate degree. them to be resilient to this ever-growing threat." • Ninety percent had credit cards; 47 percent of whom Mercator weighs value of VARs carried no debt on those cards. Mercator Advisory Group released a report examining Other Billeo research showed credit card bills represent- the influence of valued-added resellers (VAR) on mer- ed the largest number of bills paid online. They also rep- chant account retention. The 27-page report included resented the highest average per transaction amount. the following findings:

SSL vulnerability found • Value-added technology is changing the merchant New research from Intrepidus Group revealed holes services industry and acquirers are looking for ways in Internet browser security. According to the report, to increase their value-added technology presence. fraudsters can perform "Man-in-the-Middle" (MITM) • VARs have fueled the innovation that has driven attacks on Web sites with extended validation (EV) processors and acquirers to seek out value-added secure socket layer (SSL) protection. technology.

• A survey by online payment system 2Checkout.com, Inc. revealed retailers lose $4 billion each year to e-commerce fraud.

• Total 2209 spending for back-to-school and back-to-college is expected to reach $47.5 billion, according to a National Retail Federation survey conducted by BIGresearch.

• A mid-year 2009 report from The Digital Entertainment Group stated that 20 million Blu-ray discs were sold in the United States, almost 57 percent more than in the same period in 2008. Blu-ray disc player sales rose nearly 25 percent in the same period, to almost 11 million units.

• According to the May 2009 Port Tracker report from the NRF and IHS Global Insight, import cargo volume at major United States ports topped 1 million twenty-foot equivalent units for the first time in four months. 15

IndustryUpdate

• Concerns about account attrition have also sparked 18 percent of respondents had been victims of credit or acquirers' interest in value-added technology as a debit card fraud in the past five years. If someone they way to increase account retention. knew was hit by card fraud, 22 percent would switch • Because of their agnostic nature, VAR systems financial institutions and 27 percent would consider decrease merchant loyalty to the processor or switching. The survey involved 2,400 consumers across acquirer unless the processor or acquirer is also the eight countries. technology provider. Alpha Card offers MLS stimulus "Merchant attrition could be effectively alleviated if Alpha Card Services Inc. has introduced the MLS acquirers offered value-added solutions above and Stimulus Plan. The company said it is an upgrade of beyond the commodity service to merchants they want its Zero Program designed to help its salespeople sign to retain, actually delivering value, making the mer- more merchants. chants want to stay put," said David Fish, Senior Analyst in Mercator's Credit Advisory Service and author of Way Systems' mobile POS certified the report. Way Systems Inc.'s way5000 device has been certified "In the context of merchant-initiated voluntary attri- by Apriva Inc. With Apriva's Intelligent Gateway ser- tion, technology can, and should, play a leading role in vices, merchants can process credit and PIN-based debit merchant account retention, thereby potentially reduc- transactions virtually anywhere with the way5000, Way ing the amount of natural churn in the marketplace," Systems said. Fish stated. Children's fund for late pro's family

ANNOUNCEMENTS To help support the family of payment professional Alan Gitles, who died in December 2008, Calpian Inc. ACI Worldwide Inc. has created The Gitles Children Education Fund for his children. Donations can be sent to Calpian Inc., 500 N. According to a survey released by ACI Worldwide Inc., Akard St., Suite 2850, Dallas, TX 75201. 16

IndustryUpdate

burse them as card issuers for the activities they perform and the risk they take on each Doin' it right transaction; however, the EPC contribution The Electronic Payments Association, a for mailings and to support the EPC's lob- is just a small piece of the CO-OP puzzle. group of over 60 financial institutions bying efforts, though Porter said CO-OP The organization's mission is designed to dedicated to educating policy makers, doesn't put any conditions on the donation. support their members in any way possible. consumers and the media about the value "We're a part of EPC," he added. "We're of payment systems, received $30,000 in on their board, but it's whatever the EPC Porter said that in addition to CO-OP's June 2009 from CO-OP Financial Services decides is best. We're not going to give contributions to CUNA, it also financially on behalf of its 3,000 member credit them money and say they have to do this supports regional credit union leagues unions. The donation is designed to support or that; all we say is that we need to sup- through its patronage distribution program, the EPC's efforts to inform legislators on port our credit unions in this endeavor to which returned over $19 million to its credit the facts surrounding interchange and to make sure they don't get hurt." unions in 2008. CO-OP contributes to oppose changes to the current interchange more than 60 credit union charitable events fee structure. The EPC and CO-OP are working to fight annually and is a sponsor to the Salt Lake both the Credit Card Fair Fee Act of 2009 City-based Children's Miracle Network, a "The EPC is charged with responding to as well as the S. 1212 provision intro- non-profit organization that raises funds for merchants' drive to decrease or elimi- duced in the Senate, which would allow more than 170 children's hospitals. nate interchange fees and we think it is the U.S. Attorney General to appoint a badly conceived legislation," said Eric panel of electronic payment system judges "We're a co-operative and by law we must Porter, Executive Vice President, Business to act as mediators in setting interchange return a minimum of 20 percent of our Development and Marketing for CO-OP fees. Additionally, the proposed legislation retained earnings back to our members," Financial. "We want to do our part to pro- excludes credit unions regulated by CUNA Porter said. "But typically we return any- tect this income source for credit unions. and those with under $1 billion in assets. where from 50 to 70 percent of retained If interchange is eliminated it could poten- earnings. More than anything else, we tially put small credit unions in a highly "We feel Washington does not fully want to be a bright light in this industry, to disadvantaged position. understand the implications of interchange be a leader who says, 'You can do busi- legislation on credit unions that protect the ness as well as give back and contribute to "If they can't generate income from the consumers," said Stan Hollen, CO-OP's the [credit union] industry's growth.' expenditures incurred to issue cards and do President and Chief Executive Officer. "And the processing and transactions, then they if the interchange fee is lowered through "Banks are spending significant dollars in eventually won't be able to issue cards at poor legislation, smaller institutions like their dues and to their associations with the all. We're supporting both financially and credit unions would have to make the dif- purpose of trying to destroy credit unions, through our contacts nationally through ficult decision to either raise fees or stop and we're helping to fight that off. As credit CUNA [Credit Union National Association] offering credit and debit cards, harming unions nationally we need to stick together. to put pressure on Capital Hill to make sure consumers in terms of restricted payment At CO-OP, we leverage our vendors to help this legislation takes the proper direction for choices." our credit unions get better pricing and ser- financial institutions and consumers." vices. So if we can keep our credit unions Contributions with purpose happy and keep them on the positive side Support without strings of the balance sheet then we all win. That's Interchange is a key revenue source for why we're a co-operative." The contribution is being used to help pay credit unions that helps to partially reim-

CUP Data growing, winning awards offering provides private, online portals for its global resellers, business customers and partners for direct In the last six months, China UnionPay Data Services purchases and subscription renewals. Co. Ltd. (CUP Data), TSYS' joint venture with China UnionPay, has reportedly signed five new long-term EVS adds to anti-fraud product line processing agreements and won several major domestic and international awards. Electronic Verification Systems LLC has released new solutions for identity fraud protection which address Three CUP Data systems were named Most Excellent distinct business aspects and help businesses prevent Software Products by the Shanghai Software Industry identity theft. "Our products have been restructured Association, and its debit card program for Citibank was to easily incorporate into the identity verification por- awarded Best Retail Payment Project Award by Asian tion of a company's Red Flag compliance plan," said Banker. Jay Stewart, Vice President, New Business Development at EVS. Digital River launches B2B solution Health Transaction Network going west Business Direct is the latest business to business (B2B) e-commerce solution from Digital River Inc. The new Buffalo, New York-based HealthTransaction Network,

IndustryUpdate

which went operational in February, has signed a num- medical management customers will save paper and ber of agreements to expand its operations throughout avoid the need to create their own Web portal for pay- Western New York. It is also building relationships with ments and billing. organizations in other states, including Strategic Health Care, an Ohio-based health care advocacy and consult- Iovation tops 2 billion fraud checks ing organization that spans several states. Iovation Inc., the Portland, Ore.-based device reputa- Carr drives keynote address in Vegas tion service provider, recently passed the 2 billion mark for number of scans performed. Iovation's device fin- Robert O. Carr, Chairman and CEO of Heartland gerprinting technology identifies unique devices and Payment Systems Inc. will deliver the keynote address establishes device reputations based on each device's on data security at the 17th Annual ATM, Debit and history of fraud or abuse. Prepaid Forum in Las Vegas from Oct. 18 to 20, 2009. During the presentation, Carr will discuss how system Total Settlement simplifies intrusions have affected the market and spurred indus- accounts payable try trends. Carr will also offer insight on the future of payment technologies and what every industry leader J.P. Morgan Chase & Co. rolled out its Total Settlement needs to know about cyber security. solution. The technology consolidates automated clearing house (ACH), commercial card, wire, and standard Intracorp launches paper check payments in a single file and simpli- digital e-billing, processing fies the accounts payable process with a self-service Web portal. In answer to pending, state-mandated electronic billing requirements and customer needs, Intracorp now offers Jack Henry gains 33 CUs in 12 months electronic billing and automated payment processing Jack Henry & Associates Inc. said its Symitar division solutions. has signed 33 credit unions in just 12 months. Eighteen of these credit unions opted to outsource their transac- With Jopari Solutions Inc.'s solutions, Intracorp said its tion and information processing. Javelin shows increased interest in P2P

A new Javelin Strategy and Research study found that 24 percent more consumers are likely, or extremely likely, to use person-to-person (P2P) payments and transfers than those sampled in 2007. The main points included were P2P's value to payments professionals, key marketing strategies for mobile P2P, viable initial targets and available P2P transfer offerings. PayPass accepted at Home Depot

The Home Depot U.S.A. Inc. is now accepting MasterCard Worldwide's PayPass at 1,974 locations across the United States. Nebraska court payments go electronic

The Lancaster District Court's Administrative Office of the Courts in Lancaster County, Neb., has expanded its online payment options beyond assisting traffic viola- tors not required to make court appearances. It now accepts credit card and ACH payments for: alimony, attorney fees, property settlements, probation fees and court costs. RSA finds gap between security needs and tech

RSA Conference surveyed 150 C-level security executives and professionals about information security. The results, published in a paper entitled What Security

IndustryUpdate

Issues Are You Currently Facing?, revealed that respon- retail stores. The AIO350 includes the following options: dents' major concerns were e-mail phishing and mobile guarantee or non-guarantee risk management programs, device security, while money for the technologies used Check 21 or non-Check 21, and cash drawer, ATM and to address those risks are getting axed from budgets. card load payout options. Sports Authority a contactless sport Visa earmarks $7 mil for litigation costs

All 450 The Sports Authority Inc.'s Sports Authority Visa Inc. set aside $700 million into a litigation account. locations now accept MasterCard's PayPass contactless It had put away $3 billion from the initial public offer- payments. "Accepting MasterCard PayPass will help ing proceeds in March 2008, for legal costs which might keep our check-out lines short, so customers spend less have arisen. Class B shares are held by U.S. financial time waiting in line when they make their purchases," institutions. As Visa funds the account, it reduces the Tom McVey, Sports Authority's Senior Vice President, conversion price for class B shares into class A shares. Store Operations, said. UMSI unveils free ECR program PARTNERSHIPS United Merchant Services Inc. launched a free elec- Absa picks ACI Worldwide platform tronic cash register (ECR) program for its ISO partners nationwide. The ECR program provides ISOs with a free Absa Group Ltd., a Barclays Bank PLC member, is now integration module and free terminal placement. "Our using ACI Worldwide Inc.'s payment processing plat- integration module is the first of its kind in our indus- form, BASE24-eps for Absa POS devices. The issuer pro- try," said Jay Yoon, President and CEO of UMSI. cessing has been migrated and the acquirer functionality will go online in the next phase. Valid Systems debuts check casher An EPIC ear for payments Valid Systems has added a new product, the AIO350, a check cashing solution designed for convenience and Fast Transact Inc. was selected by Ear Professionals International Corp. as its preferred payment process-

IndustryUpdate

ing provider. EPIC members can apply online for a to Datamark's outsourcing centers in El Paso, Texas, merchant account from Fast Transact. This partnership Juarez, Mexico, and Chennai, India, for data entry over followed Fast Transact's research into markets that lack a secure connection. merchant services or payment gateway technology. mPayy makes iOffer Fifth Third adds Western Union services consumers can't refuse

Fifth Third Bank will offer Western Union Holdings Online and mobile payment provider mPayy Inc. teamed Inc.'s money transfer services at its 1,300 plus loca- up with online auction and trading company iOffer.com tions across 12 states. The signing of Fifth Third Bank is to complete the deployment of the mPayy debit solu- part of Western Union's North America "go-to-market" tion, which reportedly allows a cost-effective payment strategy. alternative to credit cards. With this solution, consumers can make payments from their checking accounts with 1st Century Bank taps Goldleaf just a cell phone number and a password. Goldleaf Financial Solutions Inc. has been selected to Q2 community FIs get NetDeposit solutions provide its ACH solution for 1st Century Bank, a Los Angeles-based financial institution with $260 million in Payment processor NetDeposit LLC signed an agree- assets. ment with Q2 Software Inc. to enable community financial institutions to access NetDeposit's remote Datamark Inc. wins Herae contract deposit capture, branch capture, debit, credit card and Health care processor Herae LLC has selected Datamark automated clearing house payments. Inc. to supply data entry services for Herae's Direct QuikTrip chooses Balance Deposit for Healthcare electronic payment system's Innovations for check conversion paper conversion process. To handle its back office check conversion, QuikTrip Scanned explanation of benefits forms are transmitted Corp. selected Balance Innovations LLC's vbEPIX.

IndustryUpdate

"With one solution we are able to process all checks with Bling Nation teams with Viaero Wireless greater efficiency and speed," Carole Williams, Payment Systems Manager, QuikTrip, said. La Junta, Colo. residents using Viaero Wireless's nationwide wireless network can now make mobile payments Shazam to pilot Internet with Bling Nation Ltd.'s Community Payments Service. PIN debit technology Viaero provides SIM cards that are read by BlingTag Shazam, an electronic funds transfer provider, will test Readers at local merchants, keeping money within Acculynk's PaySecure Internet PIN debit service. The the community and saving community banks from pilot is designed to help gauge consumer acceptance network costs. of Internet PIN debit. "We are always seeking new and innovative ways for our community financial institutions to effectively compete in the market," said Mike APPOINTMENTS Hollinger, Shazam's President and CEO. UMSI taps Daughtry TSYS signs with Consumer Bryan Daughtry, a 17-year veteran in sales leadership Health Technologies and management, has joined the United Merchant TSYS Healthcare partnered with Consumer Health Services Inc. team as the Vice President of Sales and Technologies Inc. to incorporate its payment card solu- Marketing. Daughtry comes to UMSI from Global tion into CHT's BenefitSpan, which manages health Payments Inc. where he held the position of Vice reimbursement, flexible spending and health savings President of Sales for the Indirect Business channel. accounts. "This partnership offers a single source for all WSAA expands advisory board administrative activities related to plan members who use their debit cards to pay for healthcare products and The Western States Acquirers Association has expanded services," Trey Jinks, group executive for Healthcare, its Advisory Board to include Ryan Fenley, POS Card TSYS, said. Systems; Deborah Camm, Planet Payment Inc.; Jason Putnam, First American Payment Systems LP; and Tim McWeeney, Way Systems Inc. Hamel named 3DSI's Platform Delivery VP

To oversee technical operations, compliance, system design, maintenance and support, and business development, 3Delta Systems Inc. welcomed Peter Hamel as Vice President of Platform Delivery.

"Pete's background and experience are superbly suited to his new role at 3DSI, having managed the development and growth of the payment industry's first Level- 3 processor," said Aaron Bills, cofounder and Chief Operating Officer of 3Delta Systems. New CTO for Turiss

Phil Mellinger, who is credited with drafting the original Payment Card Industry Data Security Standard, has signed on with Turiss LLC, a fraud software company, as its new Chief Technology Officer. Mellinger was previously Chief Information Security Officer for First Data Corp. Discover gets Zaeske

Discover Financial Services has named Mark A. Zaeske as it's new Vice President, Finance and Chief Account- ing Officer.

He will oversee accounting, external reporting, management reporting, corporate tax and corporate procure- ment and payment services.

View

community-centered causes that both welcome new vol- Community counts unteers and are set up to manage them. By Biff Matthews CardWare International My challenge to readers of The Green Sheet is to recognize that, for a change, time is something we have more of. alcolm Gladwell's best seller, Outliers, Consider taking stock of your own corporate citizen- opines that all highly successful people ship and what it might mean to you and your commu- have benefited from "a community around nity. Consider organizing, with your staff or co-workers, them that prepared them properly for the a community committee, in which the company and M employees can work together to contribute to something world." I believe community is not just important for what it does for us, but for how we return the favor. worthwhile.

Community, I think, has three spheres for most of us in It's hard to go wrong with anything that helps children. the payments industry: The first is at work and consists of The same goes for animals, emergency shelters of any management and co-workers. Next, there is our customer kind, and special-needs facilities, such as burn centers. community, and then there's the outside community in The most entrepreneurial among us can even create a which we live. cause from scratch. Significant rewards At CardWare, we have a Comm- Giving a boost to unity Committee. One of the com- Several years ago, Rotary Inter- mittee's missions is to identify – or a worthy cause can national had a program based in create – worthy causes or events, have tangible rewards Carmel, Ind., that worked with centered within our town, that the sales teams that sold medical majority of our employees would for the recipients and equipment. Doctors upgrading be enthusiastic about supporting. the community, their equipment usually faced the The committee – and everyone question of what to do with old involved with its work – is self- but purely from a equipment. Rotarians picked up directed and passionate about the self-interest stand- the old equipment and drove it to a causes they're supporting with facility where it would be fixed. their time and energy. point, the rewards Other Rotarians then delivered the No money required for volunteers can be substantial as well. overhauled equipment to medical Notice I did not mention check- facilities in Central America. The books. While charities and ser- team also worked with the manu- vice organizations always welcome facturers to make sure the doctors money, there are fewer discretionary dollars available received a tax deduction. It was very creative and might today in corporate or personal accounts. Combine that be my favorite example of the "Doin' it right" theme with an economy whose future seems less than stable, and discussed in recent issues of The Green Sheet. It certainly the bottom line is that the outlook for charitable giving is illustrates the idea that we all have sales, recruitment not favorable. and managerial skills that can be put to use for worthy causes. In fact, donations in virtually all categories (except reli- gious) declined in 2008, with the biggest decline — almost Giving a boost to a worthy cause can have tangible 13 percent — affecting services groups providing aid to rewards for the recipients and the community, but purely the disadvantaged. from a self-interest standpoint, the rewards for volunteers can be substantial as well. Good causes, and the special What we can give, though, is what many of us have more events that surround them, produce positive media atten- of right now: our time. And that presents opportunities tion, as well as excellent networking opportunities for that can be substantial – and sometimes surprising. employees and employers alike.

Most communities have numerous nonprofits that need In this regard, always participate in charitable work wear- help. We've been involved in several direct-impact causes ing apparel that tastefully shows off your company logo. such as food pantries, and children's causes like mentor- And if there's an opportunity for your business to donate ing. (The latter, these days, brings on mind-numbing supplies or other goods as part of the activity, make sure paperwork, background checks and other roadblocks, but the merchandise is handsomely logo'd as well. This is all that's a different article.) about recognition – and perception.

Hospice Foundation of America, Habitat for Humanity And because perception is important, it is advisable to and Breast Cancer Awareness are just a few excellent meet beforehand with staff regarding their participation

View in charitable events. It's wise to have a light, informal discussion regarding organization who can be interviewed both aspects of a community volunteer's role: responsibility, appearance and – and is assertive enough to engage propriety on one hand and the potential of networking on the other. All of our a reporter who is looking for a good employees have business cards (some without name or title), and the contacts source. Wherever you invest your they make while volunteering often ask what they do. Our cards feature a high- time, it's critically important to cel- level menu describing what we're about. Encourage employees who don't have ebrate the results of good works. personalized printed cards to hand-write their name and job title on company Recognize staff members who par- cards and distribute them freely. ticipate with news items or small ads in local newspapers. Spreading recognition

Since media will often cover charitable events, identify a point person in the Mention the program and its participants in company newsletters. People feel good about contributing to worthwhile causes, and recognition is a wonderful reward.

The second type of community, customer communities, can be leveraged in similar ways. Choose a cause with universal appeal, not the hot-button, divisive issues with which we're all too familiar.

The cause can be related to what you do locally, or something entirely different. Introduce a program whereby your customers have the opportunity to contribute in small increments – 1 cent per transaction, or a $1 match, which would entail adding $1 to the customer's invoice and match- ing it with $1 from your company, for example.

Invite customers to participate; then recognize those who do in your company's newsletter, Web site and e- mail promotions.

Issue a news release about the program and its participants for trade publication. Offer to write an article about your program, and the customer's participation, for your customers' own internal newsletter. Like personal sales networking, the multiplier effect has powerful potential to reach those whose opinions and influence can be helpful to you. Biff Matthews is President of Thirteen Inc., the parent company of CardWare International, based in Heath, Ohio. He is one of 12 founding members of the Electronic Transactions Association, serving on its board, advisory board and committees. Call him at 740-522-2150, or e-mail him at [email protected].

View

from the Aberdeen Group Inc. in 2009. "Companies who Consumers love have a loyalty solution in place, as compared to those without a loyalty solution, are performing at signifi- rewards, why cantly higher levels across a number of important metrics, including a 53 percent higher compound growth rate," don't sales reps? said Sahir Anand, Senior Analyst at Aberdeen and chief By Lori Breitzke author of the report. VeriFone The Incentive Research Foundation (www.theirf.org) said research proves incentive programs can boost perfor- ho says you can't buy loyalty? Not con- mance by anywhere from 25 to 44 percent. Furthermore, sumers, that's for sure. A recent survey the IRF argued that quota-based rewards programs are conducted for Colloquy magazine found most effective. W that despite the recession, "over two- thirds of all U.S. consumers report that they still partici- The foundation also stated, "Piece-rate programs, for pate actively in at least one reward program." doing more of something, also provide positive results, according to the research." Least effective, it said, are But does that apply to the world of sales, where commis- "closed-ended programs that reward a preselected num- sions and quotas have long ruled the day? You might be ber of winners, as opposed to open-ended, quota-based, surprised. Experience demonstrates that rewards pro- or piece-rate programs that give everybody a chance at grams can help you weather economic storms, boost sales, success." identify and retain your best performing employees and sales reps, and increase product knowledge. According to the Incentive Performance Center (www. Outshine competitors incentivecentral.org), there's a significant problem with relying solely on cash to reward performance. "Because Companies with good rewards and loyalty programs out- cash quickly gets mingled with other compensation or perform competitors, according to retail industry research expenses … it has very little residual or marketing value," the center noted. "Noncash awards, on the other hand – especially those targeting internal audiences – have a far greater chance of breaking through the promotional clutter than a straight cash award or discount."

The IPC further pointed out that the top 20 percent of staff are self-motivated and will likely outperform their colleagues regardless of incentives. The bottom 20 percent "are either new and on their way up or, in one way or another, on their way out," the center said. However, performance of the remaining 60 percent can vary dramati- cally, so the IPC pointed out that an incentive program "stands the best chance of affecting performance if it takes into account both the top performers and the middle 60 percent." The right structure

A rewards program that reflects incremental sales benefits those who meet and exceed their goals and gives a clear picture of who is selling and who is not. Some key princi- pals of a successful rewards program are that:

• The cost of the program is directly tied to incremental sales and is essentially self-funding. • Promotions and short-term offers on specific programs are easily offered – and measured. • A robust marketing plan is necessary to promote the program and offers. • Rewards can often be anything from cash to travel to merchandise – whatever the participants want – which gives participants more control to get rewarded in the way most meaningful to them.

View

Rewards can be flexibly structured around a company's • E-mail marketing objectives and resources and participants' desires. They • Event attendance are most effective when participants are able to exert • Webinars some control over the types of rewards they can select. • Promotions to drive registrations and redemption Redemption strategies range from allowing rewards to • Direct mail be used for discounts on your own merchandise and services, to travel rewards, to various merchandise, gift Since rewards generally are directly tied to results, the cards and cash. cost of the program is more controllable and measurable. Plus, companies can identify who the performers are and The rewards "host" has great leverage and control over which areas need work. In addition, rewards may be a the redemption program and can dictate when points valuable tool in retaining the high performers. Those who must be redeemed, what the minimum and maximum are earning a significant number of points in a program rewards levels are, and parameters for special contests are less likely to leave the company, especially if they're in for bonus points earned when pushing particular prod- the process of pooling points toward a bigger prize. ucts or services at a particular time. Sales reps may be further incented when they can pool points toward big- Participants are highly motivated by the opportunity to ger items or have the option to redeem them anytime for acquire items they really want – as opposed to cash that smaller prizes. will likely just go toward everyday expenses. Getting the word out But points can be used toward trips or items participants A successful rewards program requires a good marketing normally would not splurge on. Rewards programs can be strategy to make it work. Key tools that may make sense especially successful during tough economic times and a to include are: win-win for the participant as well as the companies that offer them. • Flyers to introduce the program Lori Breitzke is VeriFone's Director of Marketing for North • Web site messaging America. She can be reached at [email protected]. • External newsletters

34 AgenTalkSM The working I try to pitch every day; I am more a face to face smart MLS kind of person rather than steban Marin, President of Merchant Services of a phone cold caller. I usually Sunrise, knows the secret of success for merchant level salespeople (MLSs) in the payments indus- work straight from 8:30 a.m. E try: residuals. Of course, you have to work hard all the way to 5:30 p.m., to build them up. Then you have to work to keep them and I am definitely putting up. But, as Marin knows firsthand, the residuals from a well maintained portfolio can be extremely rewarding. in more hours than when I first started working. The Green Sheet: Why did you choose a payments career, and when did you know you'd be able to succeed in this sphere? GS: Are you working as an employee or contractor for someone else, or do you own your own company? Esteban Marin: Merchant services got me hooked because of the potential of the residuals. After a year doing this, EM: I am in a 1099 position, but I did work for some very and after a couple of ISOs down the road, I knew that this large ISOs who trained me and taught me a lot. I am very would be my career. satisfied right now, but I would not eliminate the thought of working for somebody again. I got beat down seriously for the first couple of months due to poor or no training at all, and right when I was GS: How has the industry changed since you started? ready to throw in the towel, I found The Green Sheet. EM: I started when free terminals were starting to emerge, After reading almost all of the past articles I realized what and that has affected the industry in so many ways, I was doing wrong, and I changed my attitude. After that mostly bad ways. I now see a lot of new merchants getting I knew that with the right tools, and lots of knowledge, I interchange plus pricing, when that used to be reserved would succeed. for larger accounts only. But I also see that merchants are more educated, and I appreciate that because it is easier GS: What's been your greatest success so far as an agent? for them to identify the good from the bad.

EM: My greatest success has been to establish a name and GS: What goals do you set for yourself? reputation with some large local merchants; they know that they can count on me to handle more than 50 percent EM: I set weekly goals, and I go over them every Friday. of their stores' total income, and they pass the word to If I don't make it, they roll over for the next week. (I am a their friends. It's very rewarding when a stranger calls little behind right now). you and says he heard great things about you. GS: Describe your typical work day. GS: What has been your most significant learning experience? EM: I try to pitch every day; I am more a face to face kind of person rather than a phone cold caller. I usually work EM: Working for a large ISO. I went to their training trips straight from 8:30 a.m. all the way to 5:30 p.m., and I a couple of times, and boy, those are very intense. am definitely putting in more hours than when I first started working. GS: What do you like best about your career, and what's been most challenging? GS: How do you balance the demands of your work and personal lives? EM: I love the potential (even with the competition and margin compression). And I also love the freedom that EM: That has to be the most challenging part of this busi- this career gives to you. ness. I give my merchants my cell phone number, and sometimes merchants call at crazy hours. On the flip side, some ISOs are using all kind of tactics (from giving the house away to flat-out lying to the mer- If it is something that I can handle, I usually help them chants) in order to acquire new merchants, therefore mak- out, but if I see that it may take hours, I reroute them to ing my life a little bit harder. tech support and do a follow up call later.

AgenTalk

GS: Have you ever tried to move your merchants from one processor to anoth- I'd ask the recruiter about that, he er? If so, what happened? would keep going around the bush. I learned to read before I sign. EM: One of the first processors that I sold for let me down big time with several customers. After I stopped sending them deals, they cut my residuals off. I GS: What would people be surprised tried to move one of the merchants, and I got a letter from them threatening to to know about you or the way you do send me to court. After that I learned to read my ISO contract. your job?

GS: Have you ever lost or almost lost a residual stream? EM: I like to keep an eye on everything. I treat my merchants in a very EM: I lost residuals due to minimums hiding deep in a contract, and every time personal way. I know their partners' names and give them a call on their birthdays.

GS: Do you have a surefire way to resolve conflict?

EM: I always tell the merchant that the first number they need to call is my cell phone, that they are supposed to be running their business, not waiting on hold. That usually keeps me in the loop with any potential problem.

GS: What is unique about your sales style?

EM: I am very passive and act the opposite of a salesman. I also approach the business as a consultant trying to see how I can help him to make more money and streamline his operations.

GS: What is your most successful value-added product? Why?

EM: That has to be POS. I was lucky to partner up with a very knowl- edgeable person who only pitches large businesses, and we have a deal. She doesn't go into merchant services as long as I don't go into POS.

GS: Merchants are savvier now about credit card processing. How does this affect MLSs?

EM: I see this as an edge; educated merchants know right away if your offer is too good to be true, and they would send you out the door if you are trying to pull a fast one.

GS: How do you secure referrals?

EM: My best advice is to focus within your existing clientele base; a happy 37

AgenTalk merchant is the best lead source that you could ever somebody offers them a free terminal or a 10 bps [basis wish for. points] lower rate. They know that it takes time and hard work to properly place them, and they appreciate that by GS: Why is it important to have a full arsenal of products sticking with you. to offer merchants? GS: How do you get merchants to see you as a consultant EM: Merchants are demanding; so is the market. And if rather than just another salesperson? you only focus on one product your chances get slimmed. By offering several products you are building the value of EM: My approach is very informative. I try to keep up to your relationships, and value has proven to weigh more date with all the new technologies by reading and talking than cost. to my fellow professionals. I try to steer away from pricing and rather show them why my services will benefit GS: How do you explain interchange rates to prospects? their bottom line.

EM: I tell the merchants that interchange plus pricing is GS: Do you think there will always be street sales? similar to when they go to a market and they get a very detailed receipt showing exactly what they are paying for. EM: Savvier merchants like to do business face to face. On the other hand, tiered pricing shows them: bread, milk Telemarketers are so stereotyped that I don't think large and cheese. merchants would trust them.

GS: What types of merchants do you prefer to work GS: What is your approach to terminal placement? with? EM: I am a firm believer of the lease. If well-used it gives a EM: I love high-risk merchants, travel, time share, et merchant an edge. That being said, if the accounts justify, cetera. I find great pleasure working with them, and I I like to do my own loaners from time to time. was lucky to establish very good partnerships for those types. These merchants won't be flipping just because GS: What are three things an MLS should never do? 38

AgenTalk

EM: Never lie to a merchant. Never save your way to would make it or break it. Some ISOs take advantage of a sale. Never give up; this business is rewarding if you the new agents by emphasizing bells and whistles in their work hard. contracts, and they forgot to mention that you are signing your future away. GS: What does it take to succeed in this business? GS: How do you research new verticals? EM: This business takes consistency, constant training and ethics. You miss one, and you are condemned. EM: I try to research vertical markets by reading a lot. The Green Sheet is an excellent source, especially the press GS: What is your experience with agent training? releases because they show what the big boys are up to.

EM: I trained agents back when I worked for the super GS: How else have The Green Sheet's publications and Web ISO, but I'd rather be a one man band now. site helped you?

GS: What would an ideal training program consist of? EM: Without The Green Sheet I would not be in this industry. You guys have earned my devotion. EM: Basics of interchange, how to read and understand statements, how to properly price an account and, lastly, Anybody in this industry should read The Green Sheet in how to make money. Lots of people in this industry are order to be aware of the changes in the industry. I found driven by bonuses, and they would forget the true poten- the online forum when I was giving up, and it opened my tial of this business: the residuals. eyes, literally. I chose to participate because that allowed me to get in touch with professionals across the country. It GS: Did you know enough about industry contracts also allows people to learn from each other at no cost. before you signed one? GS: Any advice for newcomers? EM: I knew little about bankcard contracts when I first started in this industry. I only looked for the Schedule EM: Read your contract, know your partner, educate A, and I was not aware that a simple choice of words yourself in merchant services and read The Green Sheet.

SellingPrepaid

"Importantly, this incident had no financial impact on Visa prepaid cardholders." Visa added that it has taken the necessary steps "to ensure this error doesn't occur again.” ANNOUNCEMENTS

NEWS InComm adds patent Wire transfer remittance attractive Prepaid processor and POS solutions provider InComm received notice in July 2009 from the U.S. Patent and According to a survey by the Association for Financial Trademark Office that the company's patent for the Professionals, 95 percent of 331 financial services pro- System and Method for Authorizing Stored Value Card fessionals said remittance information in wire transfers Transactions was issued. This latest patent protects a would be valuable to their organizations. According to computer-implemented method for POS activation, the AFP, companies do not receive sufficient information deactivation and redemption of prepaid or stored-value on wire transfers to post the payments to the correct cards via POS terminals. amounts without manual intervention. iKobo assists in global payouts While 91 percent of wire transfer recipients – the main beneficiaries of remittance information – indicated they iKobo Money Transfer, a product of processing technol- would use the new data to receive and post incoming ogy manufacturer M2 Global Ltd., introduced the iKobo wires, 61 percent said they would include remittance for Business, a new mass payment service designed for information in outgoing wires, the survey said. small and medium- sized businesses. The payment service offers U.S. companies a way to distribute funds Holiday buying trends for 2009 globally, including commissions, payouts, incentives and rewards, to multiple affiliates on a recurring basis In a report entitled Gift Card Buying Trends: Shopper using iKobo Visa Inc. prepaid debit cards. Intentions and Purchaser Behaviors 2009, Dublin, Ireland-based Research and Markets stated that gift MoneyGram expands services in Canada card purchases continue to increase even in the face of the economic downturn. The report explores who buys Money transfer specialist MoneyGram International gift cards, when, where, why and how. will offer its services to thousands of additional Canada Post Office locations by the end of 2009. In addi- It compares shoppers' intentions pre-holiday 2008 with tion to network expansion, MoneyGram will introduce their holiday gift card purchase behaviors to determine its MoneyGram Rewards customer loyalty program what was actually spent, the types of cards bought, and in Canada, which offers fee discounts and form-free the occasions when gift cards were given and received, money transfers. as well as to predict what may be in store for the 2009 holiday shopping season. PaySpot unveils new brand Visa glitch charges cardholders quadril- PaySpot Inc., a subsidiary of Euronet Worldwide Inc., unveiled a new, worldwide brand under the name lions epay. The epay division is a payment and cash collec- According to Visa Inc., a programming error at Visa tion network and electronic mobile top-up transactions Debit Processing Services in July 2009, resulted in inac- processor. Epay offers a portfolio including top-up or curate charges being posted to some Visa prepaid card recharge services for prepaid mobile airtime, prepaid accounts. As reported on CNN.com, certain users of the debit cards and e-wallets, bill payment services, road prepaid cards discovered a $23 quadrillion charge on tolls, and money transfer and gift card marketing and their statements. distribution. Fly Away without cash "The technical glitch, which impacted fewer than 13,000 Visa prepaid transactions, has been corrected, and Starting Aug. 1, 2009, Calif.-based shuttle company Van erroneous postings have been removed," Visa said. 41

SellingPrepaid

Nuys Fly Away will accept only credit and debit cards vices at nearly 150 CIMB Thai bank branches. The addi- for bus ticket purchases. Passengers can swipe-and-ride tion of CIMB Thai increases MoneyGram's footprint in to Los Angeles International Airport with their Visa, Bangkok, Thailand, by nearly 20 percent. According MasterCard Worldwide, American Express Co. credit to the World Bank, an estimated $1.8 billion was sent and debit cards. Discover Financial Services cards will to Thailand in 2008 by the increasing number of Thai not be accepted. The switch to cashless is expected to people studying, traveling and working abroad. save the company approximately $220,000 annually. O2, NatWest help those on tight budgets Veritec registered as third-party Visa processor Mobile services provider Telefónica O2 UK Ltd. partnered with retail bank NatWest to introduce O2 Money Mobile banking prepaid card solutions developer Veritec cash cards and "fee-free" Visa prepaid cards Cash Inc. was registered by Fresno-based Security First Bank Manager and Load & Go. The cards are designed to help in Visa's Third Party Registration Program. Veritec is consumers manage their budgets by sending real-time now a registered ISO, allowing the company to promote balance updates to the cardholders' mobile phone. and sell Visa-branded card programs, as well as provide back-end processing services for programs on behalf of Multichannel payments expedited Security First. Multichannel bill payment processor TIO Networks VIPGift a valuable CAST member Corp. teamed with marketing firm Budget PrePay Inc. to process TIO bill payments at more than 5,000 of TIO Prepaid solutions and consumer incentive program pro- locations in 45 states. Budget will leverage TIO's trans- vider VIPGift LLC launched its Customer Acquisition action bill payment automated programming interface Sales Tool, an administrative software application that to gain access to TIO's processing entities, which include enables merchant level salespeople to "close the deal" wireless, utility and cable bill issuers. with indecisive customers, while allowing managers to adjust promotional incentive terms and rules. As a Kids get home safe with Taxi on Demand result, companies can maximize their customer acqui- TransCard LLC deployed a prepaid transportation card sition and selling opportunities and minimize overall program with Chattanooga, Tenn.-based prepaid card sales costs. provider Taxi on Demand. TOD cards are issued in denominations of $35, $50, $100 and $200, which pro- PARTNERSHIPS vides cardholders with taxi-specific services anywhere, anytime in the United States. UniverCity Online HYPEs itself UKash, epay sign global deal HYPE UniverCity Online partnered with Visa to offer Online payment specialist UKash signed a deal with the Prepaid Visa Rush reloadable debit card to its mem- epay, a division of Euronet Worldwide, to distribute bers. The interest bearing HYPE Rewards Scholarship UKash vouchers across the epay retailer network in Account also gives instant cash-back rewards to help Australia and Europe. The deal reportedly means Ukash parents and students save money for college every time and its holding company Smart Voucher Ltd. are acces- they make purchases at the HYPE Web site. Cardholders sible for either direct-to-consumer or "white-label" solu- can also send and receive money in real time on HYPE tions (a product or service produced by one company UniverCity. that other companies rebrand) on six continents. JPMorgan, WSEA extend EBT alliance 3-D gift card introduced JPMorgan Chase & Co. renewed its 13-year agreement Versatile Card Technology, a U.S.-based manufacturer with the Western States Electronic Benefits Transfer of payment cards, and Stored Value Solutions launched Alliance (WSEA) to distribute benefit payments via the TerrainCard. Versatile said the new card construc- electronic benefits transfer (EBT), direct deposit and tion – a "multilevel" card front and a flat back – opens up prepaid cards. Through its continued partnership with opportunities for designers to add a degree of perspec- JPMorgan, WSEA can supply "needy" families with con- tive and dimension to card designs that were previously venient, safe and easy-to-use EBT and debit cards that not possible. Designs can include one or more raised allow recipients to access their benefits and payment levels with beveled or sloped edges. programs. MoneyGram expands Thai footprint Alliance expands European NFC, contactless technology MoneyGram formed an alliance with CIMB Thai Bank Public Co. Ltd. and will offer its money transfer ser- Dublin, Ireland-based mobile prepaid, gift card and loyalty solutions provider Zapa Technology selected pay- 42

SellingPrepaid

ment software solutions firm Postilion, and S1 Corp., The younger to provide the payment platform for its European card processing services. Zapa will make use of contactless On the other end of the spectrum are generation Y con- and near field communication technologies to drive sumers – teenagers and young adults – who have come customer acquisitions, including its Zapa TAG, an NFC of age using debit-style products and constitute one sticker on a mobile phone that collects loyalty points or reason for the steady rise of debit card usage over the holds stored value. past decade. TowerGroup's report demonstrates that shift from credit card to debit card usage. In 1999, debit cards account- ed for only 22 percent of Visa Inc.'s and MasterCard Worldwide's total annual purchase and cash volume. It stood at 48 percent in 2008.

Therefore, the comfort level younger consumers have with prepaid cards for activities like person-to-person Financial storm money transfers and online gaming bodes well for prepaid's future. perfect for prepaid? The alternative

What Moroney likes about prepaid cards is their versatil- he regrettable state of the economy, with unem- ity. In a 2006 TowerGroup study, Moroney said prepaid ployment pushing double digits and the credit cards help banks cultivate new relationships, cross-sell markets struggling to regain stability, makes additional products and retain existing customers by T prepaid cards that much more of an appealing helping them control credit card use. alternative. So says Dennis Moroney, Research Director, Bank Cards for payment consultancy TowerGroup. For example, the wage earner in a family may lose his or her job and be unable to pay off a credit card. A report coauthored by Moroney, Credit Card 2.0: Smaller Instead of the bank severing the relationship with the Balances and Tighter Margins, states that U.S. consumers customer, the institution can issue a prepaid card. have lost half of their net worth since 2007. Trust in major U.S. financial institutions is low. And household debt has "The idea is to maintain the relationship," Moroney said. increased from $3.6 trillion in 1994 to almost $14 trillion in "Work with the consumer so you have a customer for as 2008 – a compound annual growth rate of 10 percent. long as they live."

Consequently, consumers are looking for alternative ways Moroney recognizes two main obstacles to the growth of to reduce debt and save money. "What is the saying – ris- the industry: excessive fees and government regulation. ing tide lifts all boats?" Moroney said. "I think you've got He believes the strategy of taking advantage of finan- some of that going on here." According to Moroney, one cially vulnerable cardholders by charging undue fees is component of this rising tide is consumers – young and a "short-sighted" practice of smaller industry players. "I older – turning to alternative payment tools for different think it's given a black eye to the industry," he said. reasons. The older The issue of regulation has become vexing, Moroney stated. The Credit Card Accountability Responsibility For example, the aging baby boomers who were set to and Disclosure Act (known as the Credit CARD Act) hit slide into retirement on the funds invested in 401ks must the payments industry hard, he said. Signed into law by devise new financial strategies since many of their retire- President Obama in May 2009, the act places restrictions ment nest eggs were reduced or destroyed by the plunge on issuers, such as limiting interest rate hikes and fees and of the stock market in 2008. imposing new disclosure requirements.

"I think now the savings rate is almost at 7 percent, when "They're all running around, trying to figure out how to it was hovering around 1 percent for the last several get into compliance by 2010," Moroney said. "It's an enor- years," Moroney said. "So people are squirreling away mous amount of work." money to try and build up some reserves." An outcome of the new law may be that issuers turn to One way they do that is by foregoing credit cards and prepaid products to offset the added burdens on credit their double digit interest rates for prepaid cards, which card issuing. As Moroney said, prepaid cards may be the disciplines consumers to spend within their means, "final frontier for organic [economic] growth." Moroney said. 43

SellingPrepaid

Under CDHC, health care providers collect directly from Keeping patients, not insurers. Therefore, CDHC places more of a burden on consumers. But with that comes greater patients sticky control over what products and procedures they utilize. Proponents of CDHC believe that when consumers s payment ecosystems go, the health care take greater ownership over their health care choices, and marketplace is perhaps the most complex. To pay more out-of-pocket expenses, they will make wiser advance electronic payments in this arena, decisions. A insurers, health care and merchant service providers, financial institutions, as well as consumers, One driver of CDHC adoption is prepaid card programs. must all be on board. The intricate coordination that must The three primary types of programs are employee-fund- be achieved is why the health care marketplace has been ed flexible spending accounts (FSAs), employer-funded slower to develop than other verticals. health reimbursement accounts (HRAs) and employee- or employer-funded health savings accounts (HSAs). But MasterCard Worldwide's decision to extend its multi- Vanderwall said the first FSA cards were MasterCard- year contract with the banking division of OptumHealth branded. Group to issue MasterCard-branded health care payment cards is a sign that the electronic conversion of paper- A 2008 Celent LLC report estimated consumers spent $250 based health care payments may be gaining momentum. billion in out-of-pocket health care costs in 2007. But only $8 billion of that was paid via prepaid health care cards "A key component in card adoption and usage is ensur- tied to FSAs, HRAs and HSAs. If 10 percent of the remaining availability of these card products through relation- ing $242 billion migrates to electronic payments, industry ships with issuing banks and program managers," said players may achieve $363 million annually, not includ- Jennifer Vanderwall, Senior Business Leader, Healthcare ing processing fees, finance charges and other revenue Solutions, MasterCard. By having access to OptumHealth streams, the Celent report said. Bank's over 2 million health care cardholders, MasterCard is able to reach "a significant audience," she added. Optimal solution

Vanderwall said MasterCard's deal with OptumHealth Vanderwall believes that to reap that revenue, consum- includes the accounts the health and wellness company ers must be informed of the advantages of putting health manages for United Healthcare Services Inc. care payments on prepaid cards. "Educating consumers about the ease and convenience of using a payment card Cost escalation to access funds in their tax-advantaged accounts are para- mount to wider adoption," she said. According to a November 2008 report prepared by the Office of the Actuary, Centers for Medicare & Medicaid "For example, MasterCard cards issued under the agree- Services and the Department of Health and Human ment with OptumHealth Bank can be used as a form of Services, health care expenditures in the United States are payment for eligible health care expenses, eliminating the projected to hit $4.3 trillion in 2017, more than doubling need for employees to file lengthy, paper-based claims for the $2.1 trillion spent in 2006. As a percentage of gross reimbursement," she said. "Eligible health care expenses domestic product, spending is expected to reach 19.5 include: copayments, deductibles, prescriptions, vision percent by 2017, up from 16 percent in 2006. "That repre- care and certain IRS eligible, over-the-counter items. sents a tremendous opportunity for electronic payments," Payment cards make it easier to pay for health care Vanderwall said. expenses without extensive paperwork."

She cited a 2008 MasterCard survey that reported two- According to Vanderwall, MasterCard has seen the great- thirds of doctor's offices and nearly 90 percent of hospitals est approval from health care providers. Office managers use electronic payments. Additionally, almost all large labor under the burdens of back-end paperwork and medical practices (defined by MasterCard as offices of patient billing. They must also deal with patients con- five or more physicians) accept plastic, Vanderwall said. fused and frustrated by the insurance claim process. Such figures lead her to conclude that "there's certainly demand from both consumers and providers for elec- "Providers count on patient payments to keep their tronic payment options." business going, and that's where we've seen the most New paradigm satisfaction from providers as a result of accepting card payments," she said. With skyrocketing health care costs and employers cut- ting back, or eliminating, insurance to employees, health "In fact, a recent MasterCard survey shows that physi- care payments are undergoing a transformation through cians cite patient convenience, safety and security for their implementation of the Consumer Directed Health Care office; guaranteed payment; and ease of recordkeeping as (CDHC) model. among the top benefits of payment card acceptance." 44

SellingPrepaid Triumphs and travails five miles of where they live, Bang said. of kiosk deployments Avery Dennison's learning curve According to Faith McPherson, Director, HR Transactional elf-service kiosks are an important tool for Services at Avery Dennison Corp., the pressure-sensitive reaching customers with prepaid card products. technology provider rolled out kiosks on the shop floors of Situated in supermarkets, convenience stores its U.S. manufacturing plants in 2004. The company's goal and financial institutions, automated kiosks can was to give its blue collar workforce access to employee S benefits information, job postings, and paycheck review- function around the clock and facilitate myriad services. For example, unbanked individuals without access to tra- ing and printing. ditional bank accounts can use kiosks to transfer money, deposit their pay, check balances and pay bills. McPherson and her colleagues thought they were providing the company's workers with a valuable service. But But significant effort and resources must be expended they were wrong. "The feedback we got back from the to deploy kiosks effectively. A webinar sponsored by the employees at the manufacturing facilities was that we Self-Service & Kiosk Association highlighted three com- were taking the human out of human resources," she said. panies whose kiosk deployments proved successful, but "So here we were trying to better things for our shop floor not without missteps along the way. employees, and they saw it as taking something away from them." FSCC's risky venture What Avery Dennison had failed to do was understand When the Financial Service Centers Cooperative Inc., the mindset of its workers, McPherson noted. The com- which calls itself the largest shared branch network in the pany corrected the problem by manning the kiosks with United States, realized in 2003 that it needed to expand support personnel to help workers understand the ben- its services to provide more convenient access for its efits of the kiosks and how to use them. 36 million customers nationwide, it decided on self- service kiosks. Dave & Buster's powers up

"We knew we needed something more than an ATM but Greg Clore, Vice President, Information Technology at less than a million dollar brick- and-mortar branch," said Dave & Buster's Inc., has overseen the deployment of 283 Sarah Canepa Bang, Chief Executive Officer at the FSCC. POS and 62 loyalty kiosks in Dave & Buster's restaurants and fun centers in North America. The POS kiosks accept The kiosk solution agreed upon was a combination of and dispense Power Cards, which are gaming cards used the FSCC's own kiosks deployed at credit unions and the to play Dave & Buster's arcade and video games. The loy- Vcom (Virtual Commerce) units located in 7-Eleven Inc. alty kiosks allow Power Card customers to enroll in the stores. But Bang was not certain the FSCC's customers chain's loyalty program. According to Clore, successful would use the kiosks. kiosk deployments save companies money in the long run and improve customer or employee satisfaction. In Dave Statistics showed that while 85 percent of bank customers & Buster's case, the kiosks have done both, he said. visit their branches at least once a month and 50 percent of all banking transactions are performed at branches, The kiosks upsell customers better than Dave & Buster's only 5 percent of customers are "branch independent," employees because the kiosks convey a consistent mes- Bang said. sage. The solution also "drastically" reduces costs for the chain by eliminating stations where employees once So the FSCC's kiosk proposition rested on the hope that sold the cards. Furthermore, the kiosks reduce customers customers set in their ways would use something that having to wait in lines to purchase or reload their Power wasn't a branch but wasn't an ATM either. Bang's worries Cards. were lessened when customers started using the simple- to-navigate kiosks 15 minutes after they were deployed. Clore stressed that companies should invest in usability studies to understand what customers want in kiosks and The FSCC has found that 60 percent of transactions how they prefer to go through the transaction process. In performed at the kiosks are deposits, with the average addition, companies should thoroughly investigate kiosk deposit amount of $600. Additionally, loan payments vendors before deciding on the right one based on the have been popular, which has been especially gratifying company's deployment parameters. for the FSCC, given the recession. "Another important point is to pilot your kiosk," Clore With credit unions closing due to the economic downturn, said. "Measure the result. Are you getting what you need? the FSCC was able to retain its customers because kiosks Change those results if needed. Pilot again. Measure were conveniently located in 7-Elevens within three to again before you do full deployment."

47 CompanyProfile

A right-sized acquirer

n an advertisement that has fre- in an often turbulent industry and First National quently appeared in the pages economy. Merchant Solutions of The Green Sheet, National I Processing Co. states that "It's not only from a knowledge First National Merchant Solutions and experience standpoint, but cer- ISO contact: provides the back-end settlement tainly from a reputation standpoint," Diana Mehochko function for NPC's card process- Mehochko said. "That's what we President ing. Why? Because, as the ad states, bring literally in spades. It's our Phone: 402-633-2024 FNMS "sets the standard as a strong, reputation, our stability in bringing stable, dependable, back-end service the level of service that I think truly Victor Susman provider." is unparalleled in the marketplace." Senior Vice President In 2008, FNMS processed $51 billion Relationship Management and Portfolio Services As Diana Mehochko, President of in sales, which breaks down to over Phone: 402-633-2024 First National Merchant Solutions, 700 million transactions at more than E-mail: [email protected] points out, that mention is a tes- 300,000 locations. tament to the Omaha, Neb.-based processor's stature in the payments In Bankcard today: 2009 acquirers Company address: industry. "That's right in your maga- report, GSQ Vol. 11, No. 4, December 1620 Dodge St. zine, their advertisement – the sec- 2008, FNMS was ranked seventh Omaha, NE 68197 ond bullet point," she said. among acquirers. It reports over 19 Phone: 800-354-3988 ISO relationships and has dedicated Fax: 866-267-1197 Proven a specialized internal group to main- Web site: www.fnms.com FNMS, a subsidiary of First National tain its ISO, agent- and referral-bank programs. ISO benefits: Bank of Omaha, started processing electronic transactions in 1953. • Single-source provider of front-end authoriza- In-house The family-owned bank, which was tion, bank sponsorship and back-end settlement founded over 150 years ago, is still According to Mehochko, FNMS is • Stability of a privately held financial institution owned by the Lauritzen family. still one of the few processors to • Consistent service Boasting low employee turnover and provide its customers with full, in- • Team-oriented approach 190 sales professionals in 45 states, house services – from card produc- • 50-plus years of experience FNMS claims stability and reliability tion to back-end processing. That

First National Merchant Solutions' Trustkeeper Web site www.getcompliant withfnms.com 4848

CompanyProﬁ le attribute gives the company a flexibility and agility that its competitors do Therefore, FNMS has partnered with not share, she said. "I think with the large processors out there, like a TSYS, security compliance firm Trustwave a First Data, a Global, those entities certainly did outsource [functions] in the to offer Trustkeeper, Trustwave's on- past years," she noted. "They haven't brought it back in-house because it is an demand, proprietary vulnerability expensive venture to start from scratch to do that." assessment and compliance management solution. FNMS merchants go Keeping functions in-house enables FNMS to respond to customers' needs to www.getcompliantwithfnms.com to comprehensively and speedily, since FNMS executives can quickly convene to enroll with Trustkeeper. Then mer- make prompt, informed decisions, Mehochko said. chants are guided through the steps to bring their businesses into compli- New initiatives ance with the PCI DSS. Along with a push into the Puerto Rican and U.S. Virgin Islands markets, FNMS is expanding its operations into three key areas: health care payments, Mehochko considers the service to data security compliance and prepaid cards. About FNMS's health care pay- be part of FNMS's responsibility as ment program, Mehochko could only say the company is on the verge of sign- a consultant to its merchants. But ing a relationship with an entity that will bring a first-in-class product to the it is also part of a larger strategy. marketplace. But the processor is also aggressively undertaking a Payment "[We're] certainly looking at how we Card Industry (PCI) Data Security Standard (DSS) compliance program tar- can manage our business in this eco- geted toward level 4 merchants. nomic crunch," Mehochko said. Taxi-sized Mehochko agrees that level 4 merchants – businesses that process fewer than 20,000 Visa Inc. or MasterCard WorldWide e-commerce transactions per year The third area of expansion and all other businesses, regardless of acceptance channel, that process up to for FNMS is in the prepaid card 1 million transactions annually – are the most vulnerable to breaches because arena. In January 2009, Yellow Cab they lack the funds and know-how to put in place state-of-the-art security Cooperative of San Francisco, which systems. operates 500 taxis in the city, began offering the smartOne Visa Inc. Pay Card to its cab drivers.

According to Scott McCormack, Vice President of Prepaid Solutions at FNMS, the co-op had to have tens of thousands of dollars on hand to pay their cabbies in cash at the end of their shifts. On some days, the co-op would run out of cash. So the co-op contracted FNMS to furnish a program that would alleviate the burden of having to make daily trips to the bank.

Now, instead of being paid entirely in cash, the co-op's cabbies get most of their pay loaded onto open- loop, Visa-branded cards. Now cabbies – mostly recent or fairly recent immigrants – don't have to leave the co-op with large amounts of cash on their persons. Additionally, the cards provide cabbies with greater convenience and flexibility in their financial choices. Cabbies can use the cards to withdraw cash from ATMs or make purchases anywhere Visa debit cards are accepted – online, over the phone or in-store.

For the co-op, the program has been a "significant" money saver, McCor- 49

CompanyProﬁ le mack said. On the front-end, the co-op is not charged fees Right-sized by the bank to withdraw large sums of cash every day. And, by doing daily automated clearing house deposits FNMS's definition of a client includes agent banks, mer- to the cards versus doling out cash payments to cabbies chants and ISOs. Since the company views ISOs as cus- standing in line, the co-op speeds up payments to cab- tomers, it operates a full-service Account Management bies and can divert staffing resources to other areas of Team to support its ISO partners. Its duties include opera- the business. tional, technical and conversion support. Mehochko said the team is there to answer ISOs' questions. If needed, Metavante Corp. provides the authorization and denial FNMS representatives will travel to ISO locations to offer engine for the taxi payments solution. Mehochko said that in-person education and training. function is the only one FNMS outsources. FNMS chose Metavante because of its expertise in prepaid card pro- Additionally, FNMS offers annual First Focus seminars cessing, McCormack said. Another deciding factor was to ISOs to bring them up to speed on chargebacks, fraud, that the two companies were a "good fit" for each other, security and other issues. FNMS's hands-on services seem with both having evolved out of similar banking cultures, inextricably tied to the moderate size of the company. he added. Mehochko believes FNMS is of a business size neither Parking is another vertical that FNBS is looking at as too big nor too small. It is big and strong enough to a possible way to expand its prepaid card services. withstand tough economic conditions. But it isn't too big "Certainly the existing relationships we have in the park- that customer service is affected as it may be for giant ing lot [vertical], we are using those as stepping stones to corporations. Mehochko said FNMS is in "a nice niche" in provide or sell or cross-sell other products and services," terms of its size which enables it to enjoy "having the con- Mehochko said. "We have a large sales force here – close to trol from an in-house processing standpoint, having that 200 people," McCormack said. "Certainly our opportunity flexibility, having that nimbleness, and certainly today, is to utilize that sales force to bring additional solutions having that stability and that wherewithal that perhaps to not only prospects we are talking to in various different other financial institutions are not appreciating in this vertical markets, but also our existing client base." economic time." 50

News Visa consolidates, Another take But Lee Manfred, Partner, First Annapolis Consulting, restructures sees Visa's restructuring a bit differently. He believes it shouldn't come as a big surprise given the present eco- isa Inc. Chairman and Chief Executive Officer nomic climate, which has forced businesses to make cost Joseph W. Saunders reported on July 27, 2009, and workflow management streamlining a top priority. that the company is reorganizing its executive V management team to heighten the effective- "The company is 18 months out from their IPO, which ness of its global operations. As part of the restructuring, involved a restructuring of massive proportions and Visa’s global sales, client services, marketing, product was much more complex than the MasterCard IPO," development and information technology functions will Manfred said. "Visa not only moved from a member of an be consolidated under the leadership of John Partridge, Association to a public company, but they consolidated the company’s Chief Operating Officer. from many regions and subsidiaries into a single company. So I see it as more of an ordinary course of health During this changeover, John C. Morris will step down as and hygiene in running a big business; you have to be President. He will remain with Visa until the end of 2009 ever-vigilant in addressing costs." and work with Saunders to assure the transition is seam- less. Morris joined Visa in 2007 and played a central role Indeed, Manfred believes Visa's performance during the in the company’s successful initial public offering (IPO) transition has been commendable and that the company is in 2008. on solid ground. "I think a more efficient Visa is good for the market," he said. "Aligning product, technology and "We’ve come a long way since October of 2007 when we client services makes all kinds of sense. And Partridge merged five different independent Visa operating regions, knows the tech and product side and has very strong cus- Visa International and its global payment processing tomer relationships. That's one thing that Visa has always subsidiary, Inovant, into one company called Visa Inc. done very well, so I think they'll be just fine." and successfully took the company public," Saunders said. "Since the IPO, we’ve expanded our core debit and credit business, reduced operating costs by hundreds of Cabbies roll with millions of dollars and heightened our focus on product innovation." VeriFone terminals

Pushing the stock n 2007, complaints about VeriFone terminals Visa officials were unavailable for comment. Meanwhile, integrated into New York City and Philadelphia opinions about the cause and potential ramifications of taxis forced a two-day cabbie strike. Times have the company's restructuring are varied. Visa's IPO opened I changed. VeriFone worked to eliminate bugs in the at just over $44 a share in April of 2008. The stock is cur- system, and acceptance of paying for cab fare with plastic rently at $66.60 per share, down from a 2009 high of $70 increased among cabbies and consumers. And VeriFone on June 5. In contrast, MasterCard Worldwide's stock reported in August 2009 that over 1,000 payment termi- price since its IPO in 2006 has gone from approximately nals were successfully implemented in Boston-area cabs. $44 to just under $200 per share on July 29, 2009. VeriFone Transportation Systems, a joint venture between Paul Martaus, President of consulting firm Martaus & VeriFone Holdings Inc. and taxiTronics, installed ATM- Associates, believes Visa's move was not done to consoli- style, interactive systems into the Boston cabs. The termi- date the company as much as it was to bolster its stock. nals are based on VeriFone's MX870 multimedia payment He feels that Visa has simply not responded well to its systems and are integrated with VTS' wireless technology IPO. to allow mobile acceptance of credit and debit cards. Additional features include dispatch automation and "The board of directors had to announce their earnings voice-guided navigation. yesterday and though they did meet the guidance, the Good to go bottom line is that their stock has gotten the stuffing beaten out of them by MasterCard, who is doing just fine," John Ford, President and owner of Boston's Top Cab Inc. Martaus said. and City Cab, said the systems (in place since June 2009) are working well. "So far, so good – no real problems, no "So they take the architect of the IPO and, not wanting real complaints," he said. According to Ford, passengers to embarrass him completely, put him in an unspecified recognize the benefits of paying for longer cab rides with capacity in what the banking industry calls the old lateral plastic. Instead of taking short cab rides to train stations as arabesque. I just think it means that they're no longer first legs in longer trips, passengers are opting to make the invulnerable." whole journey in the cab and paying with their cards. 51

News

Ford said, "They now see the credit card machine and say SIG Chairman. "So the very first thing we needed to do in to the cab driver, "How much to go to my [final] destina- the SIG was help merchants and auditing people under- tion?' And they get a price and they end up doing it." stand what is inside and outside the scope of the wireless The cabbies are happy, too, he noted. Longer trips mean environment. higher fares. Additionally, Ford has seen an increase in ridership in the over 500 cabs he operates. "We want to educate everyone that is under the DSS compliance umbrella what issues they will have to deal with Ford said Top Cab and City Cab had been working with because of the prevalence of wireless technology today VTS on the terminals since February 2009. A pilot pro- and the potential for it to be used in a nefarious method." gram proved successful; now his entire fleet of cabs is equipped with the VeriFone solution, Ford added. Raising the scope Red to green The SIG was formed in 2008 by the PCI Security Standards Council (PCI SSC) to investigate wireless technology, The present circumstance seems far from the problems make specific recommendations to increase its security in VeriFone encountered in September 2007 when East Coast accordance with the PCI DSS and reduce the potential for cabbies staged a two-day strike to protest the POS termi- wireless implementations to be entry points for attacks on nals integrated into their cabs. networks containing cardholder data.

Reports varied as to how many of New York's approxi- The SIG's wireless operational guide for complying with mately 44,000 licensed cab drivers and Philly's 1,600 medal- the PCI DSS is broken down into two primary categories: lioned drivers participated. But it was enough to generate considerable attention on the street and in the media. • Generally applicable wireless requirements • In-scope wireless networks The drivers filed a list of complaints about the new technology, including: "glitches" in the system, which caused The SIG recommends all organizations institute the delays and other problems in dispatching; the noise and requirements specified in the first category to protect their distraction of the passenger screens over which drivers networks from attacks via rogue or unknown wireless had no control; and transaction fees of up to 5 percent assessed on drivers; Long waits for payments

At the time, Pete Bartolik, spokesman for VTS, said, "Not all technical issues are equipment-related. Some may be affected by the cars' mechanical problems, driver training and drivers' [unwillingness] to adapt to change. ... Finally, data from our implementation in Philadelphia shows that drivers benefit from higher tips when customers use card payment." This mirrors reports from the restaurant industry, which show measurably higher tips for wait staff from patrons using credit cards instead of cash. Negotiating the wireless security minefield

n July 2009, the PCI Security Standards Council's Wireless Special Interest Group (SIG) published an information supplement on how the Payment I Card Industry (PCI) Data Security Standard (DSS) applies to wireless retail environments and what practical methods and concepts should be implemented to secure wireless devices in those environments.

"Wi-Fi has made a large penetration into the wireless POS market and we felt there was a need to define a common set of concepts and vocabulary," said Doug Manchester, Director of Product Security for VeriFone and the Wireless 52

News access points and clients. The "in-scope" requirements are ately secure cardholder data over wireless transmissions," specifically for organizations that transmit payment card Leach added. information over wireless networks. Lowering the confusion Leveling the field Up until now, merchants and payment professionals mis- "The paper is designed to provide a common nomencla- understood the wireless requirements of PCI, Manchester ture for the merchant, the Qualified Security Assessors said. Therefore, the PCI SSC wanted the SIG to provide [QSAs], ISOs and financial institutions so that everyone clarity in this arena. Manchester feels the guidelines take is speaking the same language and is on the same page," the best current security practices for wireless and extend said Troy Leach, Technical Director, PCI SSC. "It's really them into actual working scenarios that ISOs and mer- about trying to draw together a common understanding chants might encounter. so that ISOs, merchants and financial institutions can talk on a level playing field with the assessors. "Wireless is going to be moving into a non-linear growth phase," Manchester said. "Payment solutions on wireless "The council is focused on providing documentation devices have existed since 2005. Now there aren't huge guides to flesh out what these requirements mean. A lot volumes of that. of folks think of the wireless environment as just requirement four – wireless transmission of cardholder data over "But what has happened – especially in the case of Wi- public networks – but there are requirements in all 12 Fi – is this proliferation of hot spots like coffee houses, domains that are applicable to wireless." grocery stores, airports, buses and trains. So the decision was made by all participants in the SSC that the time has To help supplement the Wireless SIG's paper, the PCI SSC come to get out there and get this tuned before we hit opened its two-and-a-half day QSA training workshop critical mass." to all payment professionals and merchants. "It's very core technology that is discussed, but I think it's another For more information, visit https://www.pcisecurity demonstration on our part that we are trying to work standards.org/pdfs/PCI_DSS_Wireless_Guidelines.pdf. with everyone and educate them on how to appropri- SPVA broadens membership base with global players

primary focus of the newly formed Secure POS Vendor Alliance is to develop its membership base. To that end, five payment orga- A nizations have joined its ranks since May 2009: Heartland Payment Systems Inc., Moneris Solutions Inc., Radiant Systems Inc., Atos Worldline and Witham Laboratories. The SPVA is a nonprofit organization dedicated to enhancing data security worldwide.

"We decided to join because we want to support all attempts to build a more secure payment network," said Robert O. Carr, Chairman and Chief Executive Officer at Heartland. He doesn't know what Heartland's role will be at the SPVA, but he expects it will be an active one.

Brian Strange, Senior Manager for Product Development for the Hospitality Division for Radiant Systems, said his company wanted to participate in the SPVA's information sharing mandate. "Exposure to other people in the payments space is just all around good for business," he said. "There is some sharing, but certainly processors aren't jumping through hoops to tell us exactly how one of our competitor's may have been breached. And so being around other people in this space is definitely important." 53

News

Australia-based Witham Laboratories has similar goals. program where POS vendors can achieve certification and "There are various security requirements and standards receive the alliance's endorsement, Rasori said. that apply around the world," said Mario Sist, Operations Manager at Witham. "Sometimes they align well and Connectivity other times they don't. Membership to SPVA will provide Earlier in 2009, Carr founded the Payments Processing a forum to discuss how these requirements interact." Information Sharing Council, which held its first meeting in May. Carr said a priority of the PPISC is to develop Additionally, Witham hopes to achieve "a closer rela- end-to-end security, and since that requires security tionship with POS vendors within the industry, as well parameters for the POS terminals themselves, it made as an increased exposure for our company worldwide," sense for Heartland to join the hardware manufacturers' Sist noted. association. Structure Carr said that to do a better job of securing the payments At the April 2009 press conference to announce the found- system from destructive data breaches, it is vital that paying of the SPVA, Paul Rasori, VeriFone's Vice President of ment businesses talk to each other about security issues Global Product Marketing and the SPVA's first Treasurer, through facilitators like the SPVA, the PPISC and the said, "Membership is the most important part of what we Payment Card Industry Security Standards Council. are putting together." "The most important thing is to share information about The SPVA has two classes of membership. General mem- known attacks," he said. "I think that's the key. And a lot bership is open to organizations in POS terminal man- of people, I think, agree with that." ufacturing, such as founders Ingenico, VeriFone and Hypercom Corp. Their mission is to create secure POS ter- The SPVA will hold its first meeting Aug. 26 to 27, 2009, minals. An associate member is defined as any payments at the Hotel InterContinental in Miami. It is scheduled to industry organization that offers products and solutions host its next meeting in Paris in November 2009. that interact with POS terminals. To find out more about the SPVA, visit www.spva.org. "Obviously we want to have a much broader view of the overall environment, so we're also inviting membership to essentially any other company that is involved with the payment system, which would include banks, acquirers, merchants, point of sale vendors, software vendors, other standard setting bodies," Rasori said.

Through working groups, general and associate members will attack security issues together, Rasori added. The SPVA's management committee, which will be elected on a rotating basis after the founding members have completed their terms, will oversee the working groups.

The committee currently consists of founding members Christophe Dolique, Ingenico's Executive Vice President, Global Marketing & Transaction Services, serving as the SPVA's first Chairman; T.K. Cheung, Vice President of Global Quality and Security at Hypercom, serving as the SPVA Vice Chairman and Chief Technology Officer; and Rasori. Two additional general membership participants elected by their peers serve on the committee as well.

The goal of the management committee is to "maintain an open and inclusive membership, facilitate these technical working groups, agree on what problems we are going to try to attack in the marketplace, and then bring the entire membership together to actually solve those problems and create best practices and other types of auditable security guidelines," Rasori said.

Once security standards are formalized and ratified by the committee, the SPVA will implement an approval 54 TradeAssociationNews MWAA raises the conference bar year by year

atisfaction was in the air as the Midwest Acquir- increase to "a better overall program than last year and ers Association's seventh annual conference Chicago being a better overall business destination than came to a close July 24, 2009, at what the Chicago St. Louis for the merchant services industry." Tribune rated the "coolest" Chicago suburban S Innovation hotel: the Westin Lombard Yorktown Center in Lombard, Ill. The show offered a mix of classic tradeshow offerings, The 11 companies participating in the Innovation Hall refinements to previously tested ideas and new options each had a 12-foot booth with special placement and sig- – all coordinated to help industry professionals adapt and nage instead of the standard 8-foot booth, and company thrive in today's uncertain economic environment. representatives were given time to present their innovations either at dinner on Wed., July 22, or lunch Thurs., "Some new people on the advisory board and on the board July 23. And one, SecurityMetrics, was selected to receive really came through for us," said Mark Dunn, MWAA the MWAA's Innovator's Award for its Payment Card Treasurer and founder of Field Guide Enterprises LLC. Industry Data Security Standard compliance solution. "Donna Embry's connections to the banking industry and the Federal Reserve really beefed up our meetings, and While exhibitors were setting up their booths on the idea of the Innovation Hall came from a group of Wednesday afternoon, other participants were able to people on the board. It's a little bit different change in attend either "Growing your ISO in a difficult economy," format, but I think it brought in a lot of people." a Field Guide Seminar produced and hosted by Dunn, or presentations on the ABCs of remote deposit and prepaid. Indeed, the event had 53 more participants than in 2008, The keynote, "Leveraging analytics and insights to man- broken down as follows: 311 participants were ISOs, age fraud," by Global Solution Leader Phillip M. Miller banks and merchant level salespeople (MLSs), and 166 preceded the opening reception. And after dinner, come- were vendors, for a total of 477. Dunn attributes the dian Greg Morton entertained the crowd.

The following day was packed with general sessions on industry legislation, pricing methodologies and breakout sessions: one track designed for ISOs, processors, vendors and banks, and the other geared for MLSs. There was also plenty of time to mix with partners, clients and peers in the exhibit hall. The MWAA's passport program, initiated in 2008, was expanded to enthusiastic feedback. It required those who wanted to be included in a drawing for prizes (everything from gift cards to getaways) to attend a certain number of events and visit a variety of exhibitors to qualify. Inspiration

The closing keynote by Juan Ortiz, Vice President of Business Development for BluePay Processing LLC, echoed the conference theme of creating opportunity from uncertainty. Drawing from his experience in overcoming extreme challenges in his youth, Ortiz illustrated how the principles he learned early on can be applied to great effect by people in all walks of life, including merchant acquiring. The principles, in brief:

1. Get a dream and a reason to live. 2. Find a mentor. 3. Set goals. 4. Devise a game plan. 5. Give back.

Planned with the help of Tina Smith and Bob Giese of Travel Leaders, a franchise of the Carlson Companies, 55

TradeAssociationNews the conference was both electric and relaxed. People were None more passionate engaged in animated conversation over meals, at booths, in hotel suites and in corners of the lobby. Some folks PAI President and CEO John J. Leehy III – and Embry's made new connections; others solidified existing relation- current boss – worked with her in the 1990s, and when ships. Some sought answers; others provided them. Some he formed PAI in 2005, he wanted Embry on board. reaffirmed what they are already doing; others found "There is no one in this business more passionate – not entirely new directions. Those who signed up for Friday only about the industry itself, but about the possibilities morning's golf excursion had partly cloudy skies, but the in it," Leehy said. "She has created so many opportunities fresh, warm breeze and lush, green landscape offered one that so many of us have benefited from. She just brings of the best summer environments to be found anywhere. a genuine love to this industry." Embry's enthusiasm for her chosen career remains as strong as ever. "I've An article about Donna Embry's Lifetime Achievement been so lucky to have worked with outside-the-box award, presented during the conference, follows in this thinkers who are just as passionate as I am," she said. Trade Association News section. In addition, insights "There is so much dynamic change and opportunity in offered during the show by a small sampling of par- this industry; my only sadness is that I don't have another ticipants can be found at www.greensheet.com/reports/ 40 years." mwaacomments09.pdf. For more information about the MWAA, visit www.midwestacquirers.com. ControlScan extends Embry enters involvement with ETA payment hall of fame ayment Card Industry (PCI) Data Security Standard (DSS) compliance solutions firm onna Embry, Senior Vice President for Payment ControlScan Inc. said it will participate on Alliance International, was honored with the P two committees of the Electronic Transactions Midwest Acquirers Association's Lifetime Association to help educate ISOs, acquirers and the small- Achievement Award at its seventh annual con- er (level 4) merchants on PCI DSS compliance issues. Joan D Herbig, ControlScan's CEO, renewed her position on the ference held in Chicago in July 2009. A 43-year veteran of the payments industry, Embry said she was overwhelmed Fraud and Risk Committee. Heather Varian Foster, Vice by the accolade. President of Marketing, joined the Education Committee.

"The fact that your peers recognize you for something "Small merchants make up the largest percentage of the over and above what you deal with on a daily basis was overall merchant population and they are also the most very humbling," Embry said. "I've always considered frequently breached," Herbig said. "We felt the ETA would myself a student of the payments industry, and I guess provide a platform that will allow us to talk about the I've earned my degree now. And it's such an interesting unique challenges small merchants face in the PCI com- business because you get to touch on everything from pliance game. Many level 4 merchants – as well as many consumer behavior to economics and technology. Once ISOs and acquirers – are just not well educated about PCI. payments is in your blood, it's hard to get it out." We want everyone to better understand what they need to do to become compliant." Giving without hesitation Nuts and bolts Over the past four decades, Embry has served in a number of executive positions and has inspired and motivated Foster said that in the two years she and Herbig have been many other industry veterans. Linda Mahy, President and with ControlScan, they have developed a mantra to ele- Chief Executive Officer of Connective IQ, said there are vate security "across the board" and build programs that people you know and appreciate for a reason, a season or target both of their audiences. "We want to make sure this a lifetime, and her relationship with Embry falls into the is not just a check the box and get it done type of thing," latter category. Foster said. "It's about building a security platform where they are assured their credit card data is protected. "No matter where we've worked we've kept in touch throughout our careers," Mahy said. "The best thing about "It's not so much explaining PCI as it is getting tactical Donna is that she works her network tirelessly, stays in and explaining the procedure step by step, to deliver touch with her relationships and is always helping other short snippets of education applicable to where the mer- people. She is a living, breathing example that the good chant is in the PCI compliance process. The main thing you do comes back to you tenfold. Donna can truly deep- here is that we need everyone to know that level 4 com- dive on any subject in payments. I just can't say enough pliance is a big deal and that it takes an army of people good things." to get this message out there. We want to be significantly contributing to that."

CoverStory Breach liability from page 1

Finding liability that the merchant will absorb everything – although he added there were exceptions, including instances in Generally speaking, determining liability is a top-down which acquirers turned the tables and paid the whole tab process that begins with the card issuer. If the issuer itself themselves. "I do know cases where there's been a breach is breached, the ensuing process is relatively straightfor- – not terribly large, and the acquirer has decided for the ward, at least in theory; that organization takes the hit, business relationship or whatever reason not to pass the pays whatever costs were racked up with stolen card data fine – they've eaten it," he said. and then undertakes the expensive process of clean-up. Fischer said it isn't uncommon for acquirers to absorb at This latter job, which involves things like notifying cus- least some of the costs, noting that "there's a lot of com- tomers affected by the breach and issuing new cards, can petition" among acquirers to secure merchants, and any be more taxing than one might think. provision that helps relieve cost burdens can be used as a selling point. According to Walter Conway, a payment business Data Security Consultant, the process of notification by itself But he added that significant contractual concessions are will typically involve sending mailers, making phone usually reserved for the larger retailers whose businesses calls, creating a Web page and establishing a "credit moni- are deemed lucrative enough to make certain risks, like toring service" – the price on all of which can run between the assumption of liability, worth taking. $40 and $200 per account compromised. At that rate, he said, fewer than 5,000 notifications could well put the "This is a business world and these agreements are price tag into the millions of dollars. intensely negotiated, and there's a lot of competition," Fischer said. "So as an acquirer you try to get as much In the event that liability falls on a processor or merchant, of [the fines] as you can back on the retailer and not lose these and other associated costs are passed down by the the retailer." issuer – and in both cases they go initially to the acquirer. If a breach occurs in the merchant sector, fines usually are A breached merchant may also face third-party lawsuits, passed down twice – from the issuer to the acquirer and, usually filed by the issuer to skirt the limitations of indus- in turn, from the acquirer to the merchant. try fees – which Fischer said can only go so high, or else get blocked by the overseeing card brand (either Visa "I think in that situation those [acquirers] can be dealt with Inc. or MasterCard Worldwide, depending on the issuer). very quickly and very harshly by the brands," Conway He said such cases are usually decided in favor of the said. "An acquirer is supposed to be secure – that's what merchant, leaving the issuer to eat a large portion of the they do for a living. You expect them to be secure." breach costs. Using a middleman He sited the clothing retail giant TJX Companies Inc., The aftermath of a breach to the merchant sector is far less which, after suffering the largest breach ever by a mer- clear-cut. chant in 2007, was spared by the courts from paying a good chunk of its penalties even though, according to the Because issuers and merchants hold no direct business Federal Trade Commission, the company was nowhere contact and have no contractual agreements, issuers have near compliant. only limited ability to recoup their costs. "Even in that situation, while they ended up paying a sig- Any fees they do impose go first to an intermediary – the nificant amount to issuers through the Visa settlement that acquirer, with whom both parties are contracted – which was orchestrated, it was significantly less than the issuers will absorb the cost, pass it to the merchant or absorb part wanted," Fischer said. "So if you look at it on a rough jus- and pass the rest, depending on the acquirer's contract tice basis, it probably was an appropriate amount." with the merchant. Plenty of suffering to go around

Fischer said virtually every merchant-acquirer contract Indeed, each party on the payment chain seems to suf- stipulates precisely how issuer fees will be distributed fer "rough justice" its own way. For their part, issuers between them – although such a clause has only become absorb the initial shock of every fraudulent transac- a regular part of their contracts in the last several years. tion, and bear the burden of having to recover all those He said those fees commonly range between $100,000 costs – some of which they never get back. Especially to a ceiling of around $500,000, and they're sized rough- when a merchant is breached, an issuer can be almost ly equally whether it's a merchant or processor that's certain that it will shoulder a bulk of the expenses. been breached. Unlike merchants, processors that are breached often bear According to Conway, "generally all" contracts stipulate the burden of reimbursing the issuer completely, the total 60

CoverStory costs of which can be huge. Heartland Payment Systems have been compliant are supposed to enjoy "safe harbor" Inc., which reported a breach in 2008, said in May 2009 from industry fines – but of all the post-breach audits con- that its costs had reached $12.6 million and counting. ducted to this point, not one has made that finding.

Processors, which in most cases play the role of acquirer "No compromised entity has yet been found to be in com- as well, are also go-betweens for the fines issuers levy on pliance with [the standard] at the time of the breach," the merchants, and in many instances absorb at least a por- PCI Security Standards Council (SSC) declared earlier this tion of those costs. year – and it maintains that position today.

Merchants, meanwhile, are rarely responsible for what Some take issue with that position, asserting that, while happens to other parties (unless those parties aren't certi- the PCI DSS makes a very good guide for security imple- fied PCI-compliant) but frequently have plenty on their mentation, perpetual PCI compliance is basically an unat- own plates. They are the most likely of all parties to expe- tainable goal – and, among breached entities subject to rience a breach, and, of the ones that are hit, typically the forensic audit, a set-up for failure. least able to absorb the costs. "It's always easy to be a Monday morning quarterback, to "The vast majority of breaches are in the merchant sector come back and take a look at and say, 'Ah ha! What about – it's an overwhelming number," Conway said. this?' That one spot that these very talented criminals had to discover," Fischer said. Breach liability and PCI compliance

Unavoidably, the issue of post-breach liability ties into "There are literally tens of millions of point-of-sale termi- some key points of contention regarding PCI compliance nals and lots and lots of retailers of all sizes and they can more generally. only do so much," he added. "They gotta run a business – sell products and the like. So it's not possible for them Liability (excepting outside lawsuits) hinges on estab- to protect all their information all the time, and even if it lishing noncompliance at the time of a breach, which is was [possible] yesterday, it won't be today and won't be determined by a forensic audit. Breached parties found to tomorrow." Conway expressed a different view, asserting that the difficulty of PCI compliance "can be blown out of all propor- tion. Merchants are going to have to spend a little time, maybe a lot, depending on what changes you're willing to make, to become compliant. But do I think it's an onerous burden that's unfair and driving people out of business? No … I think a lot of the mashing teeth, a lot of the whin- ing, quite honestly, is misplaced."

He added that the findings of post-breach audits have revealed substantial malpractice.

"Some people say … you could always find something somewhere [in a post-breach audit]," he said. "Well, that's not what [the PCI SSC] said. What they said was, not only were [breached parties] noncompliant, but the source of noncompliance was related to the breach. So it wasn't because of something trivial – where they were noncompliant actually was materially important to the breach."

To a large extent, opinions about post-breach liability are rooted in the perceived roles of the different parties involved in preventative security – including the audits that businesses must undergo at least once a year along with a quarterly or monthly systems scan required as part of compliance maintenance – and the extent to which those audits provide assurance of compliance.

Conventional notions about the different roles played in ensuring security continue to be challenged, not least when Merrick Bank took the unprecedented step of suing

CoverStory a security auditor in May 2008. CardSystems Solutions Inc., which conducted Bokor, Chief Operating Officer of card processing for Merrick's 125,000 merchants, had been certified Card Trustwave, an information technol- Information Security Program (the precursor to the PCI DSS) compliant in June ogy security consulting firm. 2004, only to be breached several months later. "So from an assessor's standpoint, That lawsuit, which is ongoing, may hinge on the scope of responsibility that we can go into an organization and auditors can reasonably be expected to take on – in other words, the extent take a look at the profile of all the to which a system deemed secure at one point in time can be assured to stay controls we need to look at, and at that way. that given time they may have been satisfying those. "The challenge with compliance is, it's a point in time exercise," said Andy "But organizations are very dynamic … if new [technology] gets added between compliance cycles, that's where you get some of the vulner- abilities that are exposed."

Bokor added that, while the roles of outside parties in security maintenance can be significant, ultimately "the onus is on the end user. It's their responsibility – it's their system, and they are the people doing the configuration. The auditor is really just there to do the white-glove audit." Dual burden

Some contend, however, that many businesses, especially merchant stores, can do only so much to guarantee their own security, and the role of outside parties with more technical savvy and PCI knowledge is crucial – particularly the roles of acquirers, with whom merchants are most closely associated.

"Acquirers have a dual burden," said Paul Rasori Senior Vice President, Global Marketing for payment technology provider VeriFone. "One is to make sure all their merchants are compliant. And the second is they need to make sure they're PCI compliant themselves, because they're also storing and transmitting and capturing information."

"There's a lot of people to blame [for security weak spots]," Conway said. "And I'm going to start with the banks, and all the people that have done an absolutely appalling job of communicating PCI to the merchant community.

"… I don't blame the merchants for this. PCI is a reasonable set of safe- guards that will protect the mer- 63

CoverStory chant, their brand and the merchant's customers, but the "There's a big cry for something more definitive that takes merchants simply aren't properly informed about it. And the responsibility away from the retailer, and maybe even I'm using a broad brush because some of them I know are the acquirer, and that's referred to in the industry as end- doing a great job, but I wish I saw more of it," he said. to-end encryption," said Rasori, the SPVA Secretary and Treasurer. "Doing an encryption of the information before Conway added that the PCI SSC "has done most of what it even enters the retailer's system could potentially take it can as a standards body" to promote enforcement of it out of the scope of all retailers." PCI regulations, but that it "doesn't do any enforcing, and maybe that's the flaw in the whole model." The PCI SSC appears also to be considering the use of new technology. In June 2009, it commissioned the secu- Indeed, the roles of different parties in security prevention rity consulting firm PricewaterhouseCoopers to research mirror those in the post-breach scenario. Just as issuers new approaches to the adoption of security technology by cannot impose post-breach costs directly on merchants, merchants, processors and acquirers. the enforcement of PCI standards cannot flow directly from the top down; in both cases, the extent to which Meanwhile, after suffering one of the most high-profile those who reside on the bottom of the chain are impacted breaches in recent years, Heartland is leading the way depends on the role of a middle party. toward the use of end-to-end encryption, implementing the technology in-house and at the site of every one of its Legally accountable or not, such parties will usually face merchants. consequences of some kind – reputational damage, outside criticism and the loss of merchants – when the mer- Indeed, the Heartland situation could well symbolize the chants they are contracted with suffer a breach. plight of the industry at large, which appears to be, slowly but surely, heading for changes largely compelled by the "Those who sleep with dogs get fleas," Fischer said. constant battering of a relentless criminal front – and the "Well, an acquirer that does not have a significant compli- "rough justice" that so often results. As the Heartland ance program for their merchants … is going to end up case seems to demonstrate, sometimes getting dragged with fleas." through the mud is the best impetus for change.

Many acquirers are finding, furthermore, that to avoid the tremendous burden of security breaches to their merchants, it is best to assume more of the burden for prevention.

"We're trying to come to market with a managed service that allows merchants not to have to worry as greatly about PCI," said Bill Clark, General Manager, Point of Sale Division for payment system solutions provider Apriva. "We want to be an advisory partner and to manage the networks.

"It's our opinion that helping the merchants be educated and, in many cases, offloading some of the work of stay- ing vigilant helps them and really helps all of us in the industry." Better technology on the horizon

Others say the quickest and most effective way to relieve the merchant burden is through better security technology that would limit the ongoing and complex proced- ural work required of PCI compliance – and there are indications the broader use of such technology is forthcoming.

In April 2009, the founders of the Secure POS Vendor Alliance, Rasori among them, marked the organization's official inception. The organization's aim is to address the industry's most pressing issues with data security, primarily with technological solutions that include, most prominently, end-to-end encryption. 64

DoYouRemember? 10 years ago in The Green Sheet

Magstripe-based gift certificate program

American Banknote Card Services Inc. (now ABnote Group) rolled out a mag stripe-based gift certificate program for retailers and restaurateurs. Touted benefits included increased sales, float and unused value, elimination of cash back, strong marketing and promotional applicability, automated settlement and reconciliation, improved security, consumer convenience, and easy in-store return. ISOs benefited from per-transaction cost and residuals. Cipherspace – decoding online security

As the Internet hit its stride and e-commerce began to grow, ISOs and merchant level salespeople had to learn about data security on the Web. They had to understand the basics of online data security: Why it is necessary; what does the encryption process entail; what are electronic signatures and digital certificates; and what protections do the various methods provide? CyberCash expanded

CyberCash Inc. (now PayPal Inc.) released an automatic form-filling feature to add convenience to online Web sites. Jim Condon, CyberCash President The Green Sheet and Chief Operating Officer, said the was company planned to include integration 32 with incentive and reward programs, pages. fraud control, order tracking, currency conversion, and other benefits in future releases of its Agile Wallet.

Read archived issues back to 1995 at www.greensheet.com and click on publications

68 Education StreetSmartsSM Proudly presented by

The proper approach to MLS hunting

By Jon Perry and Vanessa Lang Education index 888QuikRate.com here is a moment in the life of an ISO or mer- Adam Atlas ...... 74 chant level salesperson (MLS) when you reach Nancy Drexler ...... 78 your plateau – when you just can't put any more Christian Murray ...... 80 deals through unless you start to work overtime. T Jeff Fortney ...... 82 You are ready to take the business to the next level. We are talking, of course, about hiring your first sales Tim Cranny ...... 86 representative.

While making that first hire will give you a great feeling of accomplishment, there can be danger ahead if you're He was looking for a major life and career change. He not prepared. Vanessa found this out first hand. literally begged her to give him a shot as an MLS. Here A strike versus the gutter ball was her first prospect – someone she knew, but she had no idea how to make sure working with him was a good Vanessa likes to bowl, so she joined a league. When she idea. But the excitement was palpable. introduced herself to the league, the range of personalities was interesting. There were people like her, white collar We were ready to take on our first sales rep, and he professionals with fresh manicures and pedicures. There had fallen right into our lap. John signed up as a 1099. were also bikers clad in leather, truck drivers and mechan- Needless to say, John did not work out. It was certainly ics, as well as retirees and future professional bowlers. not due to lack of hustle. Not a likely place to find a potential sales representative. Our business picked up the tab for chamber member- Over time Vanessa befriended many in the league. And ships. There were weeks of training and lots of time in the since her team name was Merchant Services, most of them field. Vanessa spent close to three weeks preparing him had an idea what she did for a living. for a career in merchant services.

They knew she installed those darn machines that sucked Ultimately he found, like so many, that he was too wor- their money out to some crazy black hole never to be seen ried about money to focus on closing business and build- again. Time passed, leagues ended, life got in the way, and ing relationships. We never heard from John again. she lost contact with many of those with whom she bowled. Innocence versus experience

Then, one day, Vanessa was waiting at a tire shop for new But one try was not enough for Vanessa. Enter Jack. Now tires to be put on her car when a fellow bowling league Jack was a salesman. He had a résumé a mile long and member approached her. Let's call him John. His story had done everything from financial analyst to customer was not uncommon. He had been injured on the job. He relationship management software installer. He had even was disabled and needed something to bring in money. worked in the payments industry a few years ago.

StreetSmarts

As business owners, we wear so many different hats and often find ourselves venturing into areas that are not our strengths.

Since he had industry experience, he wouldn't require based on emotional decisions. We wrote in our last article all the training, right? And he was definitely in need of about the pit bulls around us. (For more information, see money, so what better way to motivate him than to show "Unexamined emotion, a pit bull that mangles business," him the money? The Green Sheet, July 27, 2009, issue 09:07:02).

He had skills in cold calling, and on day one he set his John and Jack were Vanessa's pit bulls. They looked first appointment. Vanessa went with him and closed the promising and had those puppy eyes that said give me a deal; Jack sat quietly, a little too quietly. But, ultimately, chance, and Vanessa fell right into the trap. it got him a nice commission check on the sale of equipment. He was hooked. While Jon had advised her not to move forward with either relationship, Vanessa disregarded his warnings and A week went by, and we checked up to see how many thought, "What better way to learn than by trying." appointments Jack had set. Zero. We asked him, "Well how many calls did you make?" His response was a long, Guided by the anticipation and emotion associated with drawn out saga of marital and family issues, bills and wanting to grow the organization, Vanessa made errors in more. He wanted to stay with it, but eventually he started judgment. Sure we got a deal or two, but the major loss looking for another job. Like John, we soon could say of was of Vanessa's time. Jack – never heard from him again. Strengths versus weaknesses Head versus heart Vanessa had that "aha" moment after Jack dropped off the Both John and Jack were brought into our organization radar. Her strengths are in operations and customer service. She can balance a budget to the penny. She can hold the hand of a new merchant until he or she feels warm and fuzzy. But she does not excel at judging talent.

On the other hand, Jon is the sales and marketing specialist. His skill sets are vision and negotiation. He is also much more capable of identifying a good potential MLS fit.

There came a point in contract negotiations with Jack where Vanessa realized he was playing her. Jack understood that if he asked Vanessa for X percent, he might get it, but if he asked Jon – fat chance. So now any potential reps Vanessa finds go straight to Jon for vetting.

As business owners, we wear so many different hats and often find ourselves venturing into areas that are not our strengths.

The mistakes Vanessa made were not financially impact- ful, but a great deal of time was lost. Looking back, that time should have been dedicated to defining the operational aspects of managing new MLSs as opposed to trying to learn how to hire them.

Although we control the hiring procedures internally, many other organizations may not. Identifying a repu- table third-party recruitment firm can bring objectivity to your hiring decisions. Outsourcing recruitment responsibilities may weed out potential hires who are not a good fit and, therefore, save your ISO time and reduce stress.

StreetSmarts

Finding out that joy and excitement is not found in the hiring process itself, but in actually seeing your new hire prosper, was a realization.

The hunt versus the catch • Should I get a lawyer? Absolutely. There are industry specific lawyers who Finding out that joy and excitement is not found in the have these processes locked and loaded. There is hiring process itself, but in actually seeing your new hire a cost associated, so only approach them if you prosper, was a realization. are serious about moving forward with hiring. Ultimately, the guidance and information payment Hiring decisions should not be forced or based on emo- attorneys can provide in terms of contract law tions. A variety of different hiring models can be used to are vital. You may also want to consider a human make intelligent choices regarding whom you hire. resources professional to address state-specific labor requirements. Gather upfront what your prospects' needs are for income, time, family and so forth. Do this before providing • What are the industry specific them any contracts. A well-tailored contract based on compliance requirements? prospects' needs and what you can afford saves valuable To address this, you will need to involve your ISO time negotiating. or sales partners. Also spend time reviewing past articles in The Green Sheet that address these require- Knowing your best and final offer can help you to say ments. We always err on the side of caution to pro- – Sorry, this is not a good fit. Then you can move on. tect our organization from rogue sales agents. One bad egg can damage a good reputation. Reflecting on our own experiences, as well as learning from others in our industry through GS Online's MLS • What is a fair reimbursement? Forum and acquirer association meetings, has highlighted Again, there are a variety of compensation models important questions to consider when selecting the opti- to choose from. Many great mentors in the industry mal approach for hiring for your organization. have succeeded by paying their top performing W-2 employee versus sales professionals as much as they can afford. independent contractor Understand what percentages of residual are fair (if any) and what bonus structures you want to imple- This decision comes down to two major factors: control ment. Execute a standard contract, and negotiate and cost. With a W-2 employee, you will be able to have from there. your say regarding the job's parameters: the who, what, Hit versus miss when, where and how. Your decisions should be based on what will increase A 1099 independent contractor is just that. Make sure you your top-line revenue, minimize your exposure to risk consult with an industry professional when managing and focus on customer retention. If it doesn't feel right, your contractors, and be aware of the IRS guidelines. don't do it.

Following are questions you should ask yourself when That is a mantra we have followed for many years. searching for MLS candidates: Spend your time preparing upfront and learning from others who have been there and done that will be time • What caliber salesperson are you looking for? well spent. Some organizations want only experienced MLSs; others desire zero experience. The more experi- Happy hunting. enced MLSs will have a better understanding of how residuals and bonuses operate and gener- Jon Perry and Vanessa Lang are the owners of 888QuikRate.com, ally will cost more, but the rewards should be an ISO based in Ft. Worth, Texas, that was named Small Business greater. However, it may be difficult for someone of the Year by the local newspaper, The Star Telegram. For more "old school" to adapt to solution selling. On the information, tweet them at http://twitter.com/dfwcard, comment other hand, newbies will demand much time and on their blog at http://merchantservices.cc or visit their profile upfront training. at http://linkedin.com/in/jonperry or http://linkedin.com/in/ vanessalang. Alternatively, you can contact Jon and Vanessa by Have your business plan in place and let it guide phone at 817-857-3557 or by e-mail at [email protected] your choice of sales professionals. or [email protected].

Education (continued) Legal ease Seven reasons to avoid exclusivity By Adam Atlas disappointment in jurisdictions where exclusivity is not Attorney at Law supported by the courts. xclusivity means you can't sell bankcard process- ISOs will be disappointed because the contract will not be ing and value-added services for anyone other legal as far as exclusivity is concerned. And MLSs will be than the party with whom you have signed a disillusioned because they will have given up opportuni- E contract. Whether you are a processor, ISO or ties to place business elsewhere because of the exclusive merchant level salesperson (MLS), an exclusive relation- relationships they thought they were obligated to follow. ship is often a recipe for stress – or worse – somewhere down the line. Before entering into any such relationship, review the applicable law in your jurisdiction to see whether exclu- The purpose of this article is to summarize some of the sivity is even permissible. reasons to avoid getting into exclusive relationships in the 4. Building on the negative payments industry. 1. One size does not fit all Having advised hundreds of ISOs over the past few years, I have observed that the most successful ones build on No matter which processor you select, it will not be able strengths and business incentives rather than on restric- to take the full variety of merchants you are likely to have tions and restraints. in your portfolio. Therefore, every sales organization necessarily needs a secondary or tertiary provider to board If MLSs or ISOs are given flexibility to sell competitive merchants who are not acceptable to an agent's or ISO's products at competitive prices, they will more likely be primary processor. provided with suitable residuals; consequently, they will be more motivated to continue to sell than if they are told Not being able to sign a merchant with whom you have to sell a single product at a single price. already established a relationship is frustrating and tan- tamount to leaving money on the table. You should build An ISO's business culture built by individuals attracted into all of their agreements enough flexibility to have at to the payments industry for sound business reasons is least one or two other places to board business that cannot likely more inherently positive than the culture of an be placed with your primary provider. This applies to all organization built on legal restraints and parameters. ISOs and MLSs. Requiring exclusivity from the get-go also informs the person bound by that exclusivity as to the nature of the 2. Exclusivity as tight rope organization requiring it.

ISOs are often confronted with a long list of scenarios MLSs will inevitably learn about the myriad possible which will lead to default under their processing agree- relationships and layers of involvement in this industry. ments. When they enter into exclusive ISO-processor rela- In my experience, exclusivity stifles the development of tionships, the variety of ways ISOs can default increases effective sales organizations. because of the severe constraints and limitations that exclusive contracts place on their activities. 5. Pricing, a bind for all

As for MLSs in relationships with ISOs that are less than No matter how well-priced the exclusive relationship friendly, exclusive relationships create opportunities for is, it will never be able to fulfill all the needs of an MLS, ISOs to terminate agents for the slightest slip-ups, such who will inevitably find a variety of merchants needing a as finding another place to board a merchant who was range of pricing models that cannot all be satisfied by a rejected by the ISO. Neither party benefits from this level single provider. of insecurity. In the long run, the stress placed on business relationships by exclusive arrangements subverts the Having only a single pricing grid with which to work, interests of both parties. agents will become frustrated and seek to either rene- gotiate their exclusive relationships or breach them. 3. Exclusivity may be illegal Businesses requiring exclusivity may also be uncomfort- able taking all the merchants sent to them. In some states, such as California, the law may render unenforceable exclusivity clauses in sales agency rela- Being on the receiving end of exclusivity may increase tionships. Both parties may be setting themselves up for your triage burden when receiving applications. Agents

Education with a variety of relationships will – for their our own best interests – send merchants to where they best belong. Exclusive words 6. Train wreck exit Some common exclusivity language in payments industry contracts: Very few buyers would be willing to buy an exclusive relationship. As such, from the agent's perspective, exclu- • Agent shall not promote merchant services of sivity has the effect of dampening the interest of potential any third party. portfolio buyers. Some MLSs will be selling only the residual stream instead of the whole relationship. • Agent shall not promote merchant services of any third party to merchants. However, a question will arise as to whether the pur- • Agent may refer merchants to a third party chaser of the residual stream will be tied into some kind only after they have been declined by ISO. of exclusivity with the organization paying the residuals. Agents in exclusive relationships also have difficulty tran- Note: sitioning to other relationships. New agents should never sign exclusive agreements.

Businesses requiring exclusivity often find it difficult to (Adapted from Adam Atlas' November 2006 National let their agents go. That creates tension when relation- Association of Payment Professionals teleseminar) ships end, which results in either one or both parties being very disappointed. indirect way of telling MLSs they must not graduate to a 7. Non-circumvent direct relationship with ISOs' sponsoring banks. Another clause that often appears in contracts governing exclusive agent relationships is the non-circumvent clause. While this will work for some agents some of the time, This is an obligation on the part of agents to not enter into it will not work for most agents most of the time. The relationships with the banks that sponsor their ISOs. It is an kind of agents that ISOs want to employ are those who are ambitious, entrepreneurial and energetic. Those agents will quickly understand the import of the non-ci cumvent clause.

As an alternative, ISOs can provide the opportunity for their MLSs to register as sub-ISOs with their respective acquiring banks and continue their mutu- ally beneficial relationships rather than try to stymie the agents' revenue growth. Sometimes exclusivity is a great idea

Exclusivity isn't bad all the time. Sometimes pricing, buy- out commitments, portability, rights for MLSs or access to support systems will be sufficient consideration to fully justify exclusivity. Some ISOs and agents are also dedicated to specific kinds of markets or merchants and do not need the variety required by general sales offices. The added pricing benefits of exclusivity may therefore be helpful to those kinds of organizations.

Readers should not interpret this critique of exclusivity as necessarily applying to everyone all the time. Some exclusive relationships are immensely profitable and pleasing to everyone involved. However, many exclusive relationships create stress for both parties that ends up inhibiting the prosperity of all concerned. In publishing The Green Sheet, neither the author nor the publisher is engaged in rendering legal, accounting or other professional services. If you require legal advice or other expert assistance, seek the services of a competent professional. For further information on this article, e-mail Adam Atlas, Attorney at Law, at [email protected] or call him at 514-842-0886.

Education (continued) Marketing 101 A case for case histories By Nancy Drexler credible form of marketing you use. They involve, after SignaPay Ltd. all, your customers, not your marketing director, extolling your virtues. et's face it. All ISOs provide similar products and Easy implementation services in much the same way – and at comparable prices. Yes, some of us have built brands that Ready to get started building your own library of case his- L connote dominance in key industries. Others of tories? This article will guide you through the process. us are known best for our technology or our sales incentive programs. But, at the end of the day, differentiating Decide what you want to accomplish. Every case study ourselves to end users is not easy. should clearly demonstrate how you were able to get tangible, measurable, successful results for businesses That's where marketing comes in. When I started in our similar to the ones you are targeting for this project. industry seven years ago, most ISOs were relying on clip- art ads and tradeshow meetings to build sales. Today, Ideally, you should decide what the focus of your case many have come to depend on more skillful and experi- history will be and then find the best story to illustrate it. enced marketing practices and practitioners. Admittedly, some of us start from the opposite end, iden- We, however, are not miracle workers. To maximize our tifying a willing customer spokesperson and then basing companies' differentiation and awareness, we continually the narrative on that person's experience. rack our brains for new or different ways to set ourselves apart. And sometimes, we remember an old way to do it Either way, it helps to decide upfront what your end goal that worked pretty darn well. is. Then, you have a framework by which you can take the Timeless solution following steps:

One old standby is strategic placement of case histories. • The media: First, pick your medium. Then, before They are, quite simply, stories told by satisfied customers you begin to gather your data and prepare a budget about how your company helped them achieve an objec- for your project, you must answer five questions tive or exceed a goal. Also known as case studies, they to develop a sense of what form your case study are testimonials fleshed out to include facts, details and will take. results in the form of a narrative. 1. Do you plan to incorporate case histories into The benefits of including case studies among your mar- your selling process or simply host them on your keting staples are numerous. For one, they are fairly Web site? simple to do. They require none of the design or print work that a sales piece or advertisement requires and, as 2. Will you be printing copies for distribution or a result, they cost far less. offering a Microsoft Inc. Word document to a publication, or a PowerPoint presentation to a meet- In fact, they can cost nothing, depending on how you use ing group? them, which is another benefit of employing case studies: 3. Are you focusing on one sales advantage or a They can meet a variety of marketing needs. Formatted series of advantages that work together to build similarly to this article, case studies can be "white papers" used on Web sites, offered in e-mails, or presented at a whole? meetings or tradeshows. 4. Will you use one spokesperson, or will you feature a number of different customers? Related as narratives and wrapped in four-color design with photos of your "speakers," case studies can also be 5. Will your pieces be used individually or as part of lovely additions to sales kits, presentation materials or a series? direct mail campaigns. • The content: Amass your information. I don't have Because they are stories, case histories can be much to tell you how difficult it can be to get people to say more attractive to readers than other marketing col- what you want them to say (without paying them to lateral – and far more compelling. People remember say it). Sometimes we are pleasantly surprised. But, stories. Best of all, case studies are likely to be the most most of the time, it's best to have a Plan B. 79

Education

You might want to begin by pre- 2. Write a story that convinces readers they will get the same positive results paring questionnaires and hav- as your spokesperson did. ing some of your best customers or reps fill them out. The second objective is not as simple as it sounds. You may want to create different narratives for different media. A full-blown white paper, for This could give you some new instance, will incorporate many more facts and specific examples, while a ideas for presenting information Web testimonial will move far more quickly to the bottom line. about what makes your products and services different or special. Never forget to submit your final copy to your spokespeople for approval. It can also help you identify Keep a signed copy in case you need proof that the exact use of words and spokespeople who are prepared facts was approved by the signer. You never know how people will react to to give you the information and your summation of their views. responses you are hoping for. Distinct advantages

Once you select the person or You've done the hard part. Now, make sure you reap the benefits. Case histo- people you'd like to interview ries never go out of date; they can be reformatted and used for years. Turn case for your case histories, make studies into sales letters. sure your company is OK with your choices. And make sure Send your spokesperson to tradeshows to speak on your behalf. You can your spokesperson's company is even submit well-written case histories to trade journals, garnering publicity also on board. You will, after all, for your customer and yourself, and probably picking up a few good clients be using information about them in the process. in a public way. Have I made my case? If so, then go ahead and make yours. When the necessary executives from both organizations Nancy Drexler is the Vice President, Marketing for SignaPay Ltd., an ISO headquartered have signed off on your case in Dallas. Reach her at [email protected]. study candidate, it is time to set up a personal interview with your subject.

Meet him or her in a quiet place, and be prepared with a list of questions designed to get the responses you need. And use a tape recorder to catch every word (after receiving the inter- viewee's permission to do so).

Keep in mind that the interview process should be comfortable and rewarding for your spokesperson. First and foremost, this means establishing what the customer is or is not willing to see in print and establishing his or her credibility to an audience.

From there, it is a simple matter of prying loose interesting and factual information that supports the veracity of your sales pitch.

• The narrative: In crafting your case study, you now have two objectives:

1. Write a story that people will want to read. 80

Education (continued)

started. Not all ISOs are created equal, and it's necessary The MLS opportunity to thoroughly and cautiously evaluate ISO relationships By Christian Murray before signing a contract. Global eTelecom Inc. A key element in MLS success is having a strong in-house ver the past few years the payments industry support system so that the majority of the focus is on clos- has seen a major spike in new agents joining ing new accounts and supporting existing clients. In some our ranks. This, in part, is due to major com- cases, smaller ISOs may not have a robust internal team O panies in other industries laying off workers but do well supporting the business efficiently. and downsizing. It's not always the size of the office that matters; it's the The majority of top contributors amid fresh recruits people behind the operation and how well they follow come from the mortgage, real estate, automotive, insur- through with getting accounts serviced. ance and, more recently, the funding or cash advance Go to school sectors. Most new merchant level salespeople (MLSs) are after the quick sale and potential to build an attractive To succeed, MLSs must have a strong educational support residual income. base and ongoing training from their ISOs. Therefore, when selecting a processor or ISO, it's important to do Those who are beginning a new career in payments most your homework. Find out what a potential partner's repu- likely are finding it difficult to cultivate new business. tation is within the industry. Times are tough. Consistently closing deals each month can be highly challenging if you're still learning the busi- Check Better Business Bureau reports and other com- ness and have not built up a pipeline for leads. plaint resources online. Make sure you are partnering with a respected organization from day one. Important It's not easy to hit the ground running and build a base of questions to ask about a new ISO partner include: merchants quick enough to survive during the beginning stages of a bankcard career. • Does the business offer a lucrative compensation package and options for medical benefits? Typically it takes at least six months to a year, or longer, • Is it providing thorough and ongoing bankcard and to learn the business and cultivate and develop a sales sales training to agents, or just as needed? method that works effectively. Surviving on 1099 income derived from accounts and commissions can be trying, • Will the ISO provide detailed online reporting and even for the most seasoned sales professionals. access to residuals and payouts? • Do you have the option of building a portfolio and Stand out from the crowd then selling it if necessary? For those entering the industry, the following are impor- • How well-organized are the deal flow and paper- tant qualities that MLSs must possess to help build a work processes? strong foundation for success: • Are promotional and marketing options available to help you drive sales? • Determination: It's OK to be money motivated. Harness it. • Are value-added products internalized and well supported by the ISO? • Desire to learn: Don't settle for standard program knowledge. • Are leads sources and sales tools available to help you prospect for business? • Honesty and integrity: These qualities are more important than anything. • Does the office have a strong, efficient customer service department for merchants? • Initiative: Following through and taking action will set you apart from the pack. • Is 24/7 technical support offered to merchants who need assistance with terminals? • Generosity: Sharing knowledge can help you build lasting relationships. As you can see, you must evaluate many areas to be sure • Creativity: Focus on the goal and brainstorm about the relationships you establish with ISOs will thrive. what is needed to obtain it. Initial bankcard training is very important and can make the difference for new MLSs starting out. Ongoing sales Selecting a strong partner strategies and prospecting techniques should also be Success in the payments space, or any other industry, given to help you succeed as an agent. requires dedication and perseverance. Choosing a partner to write business with is an integral piece of getting Most ISOs offer basic training to new agents, but in 81

Education

Typically, dishonest individuals don't Trust is a must last long in our industry. They are If you answer no to any of the following questions, trust may be an issue in your quickly discovered and weeded out. business. But the after-effects of rogue ISO and MLS actions can plague the indus- • May your merchants call you at anytime with any problem? try long after the perpetrators have • Do your merchants always take your calls? moved on. Established and new MLSs must steer clear of disreputable organi- • Do you send congratulatory notes to your merchants for a good sales zations and tactics. month? • Do you regularly offer support to your merchants as opposed to waiting to Expending the same effort in doing be asked? things honestly and ethically instead • Have your merchants referred you to new accounts? of the opposite will pay much larger and lasting dividends in the long run. Also, misrepresenting merchants and (Adapted from Good Selling! Thirteen Weeks to Personal Success by Paul H. Green) committing fraud in this industry is no joke and can result in severe penalties some cases the curriculum is very limited. One reason – possibly even jail time. for this is a desire to not overload the new hire and to Take the next step gradually feed information over time instead. Agents will need to determine the pace at which they want to learn A career in the payments industry is not for everyone. the material. Because of the slow economy and lower processing The consultant sales model volumes, MLSs starting today have added challenges compared to previous years. But one of the great things Don't make the mistake of relying on free terminals or about this business is that it is somewhat recession-proof; selling on lower interchange rates as the primary method merchants and consumers will always need to use pay- of selling or piquing interest with merchants. This busi- ment options other than cash. ness already has enough MLSs running around doing that very thing. Much more business can be closed utiliz- Economic downturns can be scary for individuals who ing value-added services in conjunction with bankcard are untested in the payment waters. However, many can processing. attest to the resilience of the industry. The benefit that can come from selling payment services is the satisfaction of The key is to learn how to be a consultant and employ helping merchants survive in these tough times and the methods that show merchants your core products and prospect of a solid income that, in some cases, allows for value-adds, as well as the level of service you provide, long-term residual payouts. are more valuable than free equipment and bargain-base- ment rates. Times are changing within our industry. The practice of focusing only on bankcard processing is passé; those in Many of the feet on the street continue to use free termi- the know approach their prospective customers as busi- nals as the primary way to get in the door. However, there ness consultants. are many more effective ways of motivating merchants to set up those all-important appointments with you. Taking Focusing on solutions that help merchants increase sales time to learn or understand services that can benefit a and efficiency while reinforcing loyalty among merchants' given merchant's business can make a huge difference new and existing clientele is what matters today. Be sure in your ability to establish meaningful rapport with that not to fall into the "turn and burn" mentality that so many merchant. others use today.

Ethical and responsible sales practices Focus on an outlook and attitude that promotes personal growth and strengthens relations with merchants. It's Choices made early-on have a way of resonating through- never too late to make adjustments or change directions. out one's career. Learning about and adopting ethical sales Begin making a difference today. tactics and methods at the outset can help you establish a solid, rewarding career. Christian Murray is the Director of Business Development for Global eTelecom Inc. He has more than 12 years' experience within the Unfortunately, a handful of ISOs and MLSs continue to payments industry. GETI provides check processing and gift and use predatory sales tactics and may suggest ways of sell- loyalty solutions. For more information, visit www.checktraining.com ing that are not ethical. Greed and dishonesty exist within or www.giftcardtraining.com (the sites are compatible with Internet all sales verticals, no matter what products or services are Explorer only). You may also contact Christian directly at 877-454- being sold. The payments industry is no exception. 3835 or [email protected]. 82

Education (continued) Call reluctance: Diagnose it and treat it

By Jeff Fortney The symptoms Clearent LLC The following simple test can identify if you have contracted call reluctance: t is common today to hear merchant level salespeople say, "I just don't seem to have much success on calls today; it must be the economy." There is no • Do you begin your day by scheduling activities that doubt the economy has affected our industry. are not sales related? I • Do you avoid any call that could be classified as a More merchants are closing than opening today, and in cold call? some states, the number differential is quite large. • When looking back at your normal day, do you find the majority of your time was spent on activities unre- However, are we using the economy as a scapegoat to jus- lated to sales? tify poor performance? Could we be facing the dreaded disease, call reluctance? If you answered yes to any of these, you have call reluctance. Without immediate treatment your businesses Call reluctance has to be identified early and immediately growth – and your future – may be in peril. treated. If not, it will lead to lost momentum, stagnant growth, worsening financial pressures and, ultimately, to Luckily, you can take steps to reverse call reluctance's the death of your business. effects, but they only treat the symptoms. Without addressing the root cause, you are likely to remain under call reluctance's spell.

Call reluctance is a failure to make the necessary calls for sales success. The onset is subtle, but the disease grows quickly. Its primary trigger is an increased rejection rate: The same number of calls does not lead to the same level of signing success as previously. Success is measured only by signed merchants – no other result matters.

The initial treatment for call reluctance, as well as the steps necessary to avoid it, requires correcting your definition of a successful call. Indeed, a successful call should be defined by only two results: a decision (a yes or a no) or a positive next step.

When we define a successful call as only a signed contract, we begin measuring our success not by our efforts, but by items outside of our control. A no is seen as a failure to be avoided at all costs. We accept even a flicker of a maybe, and then proceed to chase that maybe for weeks or months when the chance for a yes is truly nonexistent. This leads to frustration, the first sign of call reluctance. The treatment

First, you must drive for an answer, even if the answer is no.

Remember, you can only control your actions, not those of other people. No matter what you say or do, you cannot force someone to say yes. That is the individual's choice, not yours. If you do your part well, and your prospect says no, that is a successful call.

Education

Therefore, it is important that early in the process you chant a day, but that doesn't define what you are trying give your prospects permission to say no. If they are inter- to accomplish, as you may make 20 or 30 calls and sign ested, your customers won't say no. no one. It would be better to say, "I want to get 10 decisions today." However, if they are like most people, unless they are certain they can say no without hurting your feelings, What happens if the first call you make leads to a signed they may offer platitudes like asking you to leave them merchant? Many would stop there and call it a successful something to read. This isn't a positive next step; it's an day. Instead, by measuring decisions, you will have nine avoided no. It becomes a maybe to you, and your time is more decisions to get before your day is done – even if too valuable to chase maybes. all are no. You may be surprised at the number of times people say yes instead. The recovery The prognosis By first addressing your success measurement, you address the emotional impact of all calls. Your You will likely sign more merchants because you won't be value will not be defined by the number of signed con- frustrated with those who say no, nor will you be wasting tracts, but by your success in getting decisions. Also, by time on those that say maybe. eliminating maybes you eliminate the false hope that results from repeated calls with no success, as well as By chasing decisions, you impact what you can actually gain valuable time to spend on positive steps to grow control. Measure your call plan by decisions received, and your business. you can find success even in a day when no merchant signs a contract. Ultimately, that is what eliminates call The second step in avoiding or overcoming call reluctance reluctance. The economy is no longer an excuse; you will is to execute a consistent, measurable call plan designed succeed every day. around your definition of success. Again, don't measure Jeff Fortney is Director of Business Development with Clearent LLC. the number of signings. Measure success. He has more than 12 years' experience in the payments industry. Contact him at [email protected] or 972-618-7340. For example, you may say you want to sign one mer-

Education (continued) Digging into PCI: Part 1 – Securing the network By Tim Cranny A few minor extensions to the key message should be Panoptic Security Inc. mentioned. For example, network-based firewalls do nothing to protect laptops taken out into the vulnerable t the heart of the Payment Card Industry (PCI) world beyond a merchant's walls. Data Security Standard (DSS) are 12 requirements. All businesses that accept electronic Thus, Requirement 1 also states that laptops need their A payments must comply with them. In the first own "built-in," personal firewalls to protect the data stored installment of a 12-part series that drills down on each within them. But these extensions do not significantly dis- requirement, I will discuss what issues merchants and tort the relatively "clean" message of Requirement 1. their partners face, where the greatest challenges will be in practice and what can be done about them. "Clean", however, is often very different from "simple," as we'll see in the next section. ISOs, processors, acquirers and others need to deal with Challenges of Requirement 1 this level of detail either by partnering with a company that specializes in data security or by effectively becom- Unfortunately, while the core objectives of Requirement 1 ing security experts themselves. Either way, the time has are relatively clear, for many smaller merchants this is the passed when a general, high-level understanding of the first time they have ever been asked to tackle any sort of issues is enough. security requirement.

Merchants are confronting specific (not to say In fact, for many of them, this is the first time they have complicated and confusing) issues, and are increasingly ever been asked anything about their network other than: demanding equally specific assistance and service from Does it work? and Can you connect to your processor? their providers. Requirement 1 Many merchants have never given a second thought to firewalls, network segmentation, and so on, and the first The first of the 12 requirements is titled "Install and main- challenge they face is simply that of understanding the tain a firewall configuration to protect cardholder data," requirement itself. and is part of the section, "Build and Maintain a Secure Network." Unfortunately for many, this is one of the most They will need assistance with the technical meaning technically complicated and demanding sections of the of many words found in this section, such as "firewall," PCI DSS. "router," "configuration," "DMZ," "internal network," "network diagram," "protocols," "ports," "hypertext," "HTTP," By the way, this isn't a failure of the Standard. Its com- "SSL," "VPN," "stateful inspection," "TCP" and "IP." plexity is a fundamental part of the issue being addressed, so there are really only two choices: to meet the complex- It would be easy to double the size of that list, and many ity head-on or to get this whole section badly wrong. of these words defy quick and easy explanation. For example, I encourage any doubters to find a nontechni- Demands of Requirement 1 cal family member and explain "internal IP addresses" to them over the phone. It is best to make sure it's someone There is absolutely no substitute for reading the PCI DSS, with whom you have a strong relationship. but the core of Requirement 1 is that cardholder data stored on computers is not safe if the computers them- It is no use saying "these are simple terms" because that is selves are not safe. Consequently, the first requirement only true for people who know networking. Direct experi- mandates that merchants put a "wall" around their net- ence with thousands of merchants has taught us that for works to keep hackers out. many, many merchants, this is an entirely new world. This is done (in part) by using firewalls. To be effective, What merchants need to do these firewalls must be positioned at all appropriate places throughout the network. Firewalls must be configured With complicated demands like those of Requirement 1, to block all the traffic that must be blocked (and allow all by far the best approach is to avoid the problems, rather the traffic that must be allowed). Additionally, firewalls than defeat them. To see how effective that tactic can be, must be set up and managed in such a way that they con- you only need to look at how the different Self-Assessment tinue to work in a proper and predictable manner. Questionnaires (SAQs) handle Requirement 1. 87

Education

I am not saying that all merchants need to get rid of their computers, or even that they must stop storing cardholder data. What is needed, though, is for all merchants to know the huge advantages of stopping the practice of data stor- age and be able make informed decisions about the costs and benefits of doing so.

The SAQ is the document that merchants are expected This can get merchants "in trouble" with the PCI Security to complete each year. It is designed to help merchants Standards Council (SSC). But the real problem is that it identify where they fail to meet the requirements of the makes merchants more at risk of being breached and of PCI DSS. There are now four different versions of the their customers being hurt. SAQ, with SAQ A being used for merchants with the simplest, least risky environments, through SAQ D for What can be done merchants with complicated networks or with the most Unfortunately, we can't offer a single easy answer or data at risk. one magic product that would make the firewall problem go away. It is also true that almost all merchants Of course, merchants can avoid the challenges of simply cannot do it themselves, since they don't have the Requirement 1 altogether. One only has to understand expertise, time or resources. This means merchants are that SAQs A and B (for merchants who have no computer going to beg for (or demand) help from their ISOs, acquir- network, at least as far as PCI is concerned) have no ques- ers or processors. tions in the Requirement 1 section. The bottom line is that ISOs and others will, in practice, SAQ C is for merchants with at least some limited have no choice in the matter: They either need to become exposure to the potentially dangerous world of the security experts themselves or partner with companies Internet. Therefore, they cannot completely avoid that specialize in data security. It may seem unfair, but it Requirement 1. But they only have to answer two rela- is the reality of the situation. tively simple questions. It is also critical to know that the solutions and partners SAQ D is the most complicated and demanding of the you seek match the security issues of merchants in your questionnaires. Merchants who fall into this category portfolios. If you have a small number of merchants who have 18 questions to answer in Requirement 1. are all high-transactional volume merchants (level 1), then the best solution might be to partner with a Qualified Merchants should seriously consider a few useful, inter- Security Assessor (QSA). mediate steps. For example, using wireless networking introduces a whole range of security concerns, and makes If you have a relatively large number of smaller mer- the entire compliance story more difficult. chants, QSAs are not the right solution, since small merchants will never be able to afford to pay for them. Avoiding the use of wireless usually doesn't change the Instead, these merchants need a solution that is much SAQ selection that applies, but it does go far in making lower-cost and more specific to their needs. merchants safer, and it makes PCI compliance simpler. In Part 2 of this series, I will look at the next set of PCI I am not saying that all merchants need to get rid of their requirements, what problems they cause for merchants computers, or even that they must stop storing cardholder and how ISOs can best help merchants achieve compli- data. What is needed, though, is for all merchants to know ance with them. the huge advantages of stopping the practice of data stor- age and be able make informed decisions about the costs The full PCI DSS is available at the PCI SSC's Web site at: and benefits of doing so. www.pcisecuritystandards.org/security_standards/pci_dss.shtml

For those merchants who have to face Requirement 1 head-on, there is simply no substitute for getting assis- Dr. Tim Cranny is an internationally recognized security and com- tance from someone who understands computer network pliance expert and is Chief Executive Officer of Panoptic Security security. This is a complicated area that requires deep and Inc. (www.panopticsecurity.com). He speaks and writes frequently specialized technical knowledge, and failing to get the for the national and international press on compliance and tech- right assistance will very likely lead to poor security and nology issues. Contact him at [email protected] compliance failures. or 801-599 3454.

89 NewProducts Advertise for Features of UpClick software include: free processing • Free online processing for merchants who Product: UpClick advertise Company: UpClick • No extra work for merchants • Merchants can cross-sell pClick, a new product from a company of the same name, is an online processing platform advertiser's products that works symbiotically with its merchant • High "attach rates" for U users: they agree to advertise (though there's all parties no work involved) for other companies and get free pro- • Advertisements dis- cessing in return. played only after "We have basically a simple business model, which is checkout that we process credit card transactions for free," said Daniel Assouline, the company's Chief Operating Officer and co-founder. (The company's other founder is Michael Dadoun.) brick-and-mortar stores, merchant savings are particularly substantial. "And in exchange, what we get is the ability to cross-sell customers post-checkout," Assouline added. "So once the "We basically manage absolutely everything for them," he customer has actually completed his transaction online said. "All they have to do is when calling our checkout and bought the software from the merchant, we get an page, which is branded with their logo, is choose which opportunity to come out and place one, two or three other product they'd like to offer their consumers." offers that are complementary to the product that was just purchased." Assouline noted that advertisers don't decide where their brand name goes, but UpClick "tries to do a lot of rotation Discreet ads so that everybody gets a fair chance." He added that the Assouline stressed that the advertisements appear only advertising side, like everything else within the platform, on the checkout page after a purchase has been made, is a totally commission-based arrangement. Advertisers "because we didn't want to interfere in our customers' pay nothing up front. sales processes in any way, shape or form. Atypical

We want to secure that sale on their behalf first and fore- "We're not a typical advertising network where we make most, and once we've secured that sale and got the autho- money by letting advertisers display their ads on our rization from the bank, only then do we go out and try to pages," he said. "We're only paid when a sale is actually find the best possible cross-sale for them." made. So only when we've successfully cross-sold that customer … does the provider of that [product] actually That said, a second feature of UpClick is it gives mer- pay something." chants the option of doing their own cross-selling with the same companies that make up the affiliate advertising Any online merchant can participate in UpClick, regard- base. less of size or client base, Assouline said. He added that the platform is used internationally and includes an Assouline said those partnerships are negotiated entirely automatic currency and language conversion option, between the merchant and the company for which it which users in foreign countries can use by simply click- cross-sells, who also enjoy all the revenue. ing a button.

Assouline noted that with the advertising program, "Typically what we've found and our merchants have UpClick chooses certain products that it feels will best found is in the software space our merchants have one, complement what the merchant is selling and "maximize two or five different products, and there aren't always every sale." However, merchants have "veto rights" and complementary products, so the attached rates – the may choose not to advertise for a particular product. number of buyers who actually buy the cross-sell – is greatly diminished. Assouline added that because UpClick is an online platform, where processing fees tend to be higher than in "If they're able to pool from a much larger marketplace 90

NewProducts where they can choose other products from other compa- Simply mobile nies, their attach rate significantly goes up." Simply put, the "m-payment" online cell phone applica- UpClick tion allows its user to access any number of credit or debit cards with a single code unique to each user, using 888-448-6822 a wireless signal to connect with a merchant's payment www.upclick.com terminal.

After registering one or more cards within the applica- Purchasing made tion, the consumer is equipped to make purchases by opening the program on a mobile device, entering a per- easy and secure sonal password, selecting a registered card and entering the purchase amount. Product: codeOne Company: M-CodeOne The program then condenses that information into a single purchasing number that changes with every trans- new product called codeOne from New York action, and which the consumer dictates to the merchant city-based technology firm M-CodeOne has along with his or her cell phone number. been termed by its makers a "payment applica- A tion authentication" – an intermediate device The merchant enters the cell and purchasing numbers that streamlines and secures the usual card-to-terminal for authentication – into a cell phone or conventional pay- purchasing process. ment terminal using the PIN pad – and the transaction is complete (the program interfaces with an acquirer's "Basically, we have a platform on one side, and there's a network). bunch of technological solutions on the other side – credit cards, debit cards, chip on the credit card – and codeOne "You can go online and register one, two, maybe three is right in the middle of all this," said Ivan Silva, President, major credit cards you'd like to use with it and then M-CodeOne. 91

NewProducts forget about them," Silva said. "Don't take any of those things out – just use a cell phone – because people con- Features of code One include: tinue to use lines of credit … and expose that information when they have to carry those [cards] with them." • Unique personal password SMS-less for protecting payment cards • Consumer uses single num- Silva said the program provides both security and safety to consumers in a number of ways. ber to access all cards • Transactions authenticated One is that consumers do not carry around any physi- by purchasing number cal cards, which can be lost or stolen and difficult to – card number is never keep track of; another is that having a password makes fraud much more difficult than in conventional credit communicated card purchases, where verification involves only signing • Wireless connectiv- the receipt. ity employed for faster transaction time Many POS mobile purchasing solutions use simple message service text messaging, often requiring several back- and-forth communications and excessive button-pushing – using a slower and less reliable connection, according is unique for that person and the time it takes for him to to Silva. open his phone and enter in the phone; it's just pushing the buttons and it's done." "It takes more time for you to find the card and swipe and sign or provide I.D. And by the way, how do you know M-CodeOne it's secure? Anyone today can fake a credit card. 518-282-4652 With this function, the authentication is 100 percent; it www.prweb.com/emailmember.php?prid=2628214 92 Inspiration

How we spend our days is, of course, how we WaterCoolerWisdom: spend our lives. – Annie Dillard

It is difficult to speculate on the hypothetical, but in a As in work, practical sense there are two ways to go: You could fall into a depression and count the hours and minutes until so in life your time is up – or you might be inspired to dash off and take that dream vacation or perhaps reconnect with old any facets of life are within your control. friends or distant relatives. You may decide to be philan- If you're like most people, you surround thropic and devote your time and financial resources to a yourself with possessions to ease your bur- worthy cause. M dens, bring you joy or express your unique taste and style. But the framework within which every- But how does this relate to you as a payment profes- thing – both tangible and abstract – operates is time. Time sional? What could you do to leave a legacy to others in is uncontrollable, but the course of your life and how you your professional sphere? make every moment count is completely in your control. Two weeks notice What if you were able to see into the future and found out that you were going to die in two weeks? How do you When merchant level salespeople (MLSs) give two weeks think you might react? Would such knowledge motivate notice on the job, it's nothing like facing death, but it is a you or fill you with a sense of dread? With such a short life change. Imagine you have given notice and are leav- time left, what would you do in those few precious days? ing your present employer on good terms. How should you spend your last days with the company, the one If you truly thought about how finite life is, would you that has helped you learn and grow into an exceptional learn to live in the moment and squeeze every drop of employee, salesperson and leader? life out of each encounter, no matter how routine? Do you think relationships would matter more to you? And if so, Would you be generous to your co-workers or would what would that mean for the people in your life? you distance yourself from them as your last day neared? 93

Inspiration

What sort of parting message do you want to leave? To feelings, make amends where needed and reconnect with end your tenure on a positive note, here are some things those you've lost touch with. If you knew you had a short you could do to give back to your colleagues: time left on this earth, would you sweat the little things? Would you waste time with grudges and trivialities? • Brief your replacement on the contacts you've made that may still bear fruit. If no replacement is at hand, Maybe you have shied away from doing things that document your progress to date. seem extravagant, or perhaps you've always put things • Make sure your filing system, both paper and elec- off because you're too busy working. But what price can tronic, is in order. you put on seminal experiences? Are a few more dollars in the bank worth sacrificing things that could bring new • Document procedures instituted under your watch meaning to your life and deepen relationships with those so that others can benefit from your efforts. you care about? • Introduce your replacement to your most valued clients, making the transition easier for both the new You know better than anyone else what you want to expe- hire and the clients. The next time those merchants rience before you die. Give yourself permission to pursue meet other merchants who may need a new proces- those goals now. sor, you might get the referral. • Add notes to contact information about merchants The trick is to accept the truth of mortality without – birthdays, anniversaries, family members and per- becoming morbid – to remember that today will never sonal quirks, and the special things you do for them. come again, so it should be spent wisely. • Be generous with words of encouragement to your co-workers, and offer to provide references or personal recommendations for those who excelled. No more procrastination

On the personal side, don't ever be afraid to share your 94 DateBook

Visit www.greensheet.com/gs_tradeshow_events.php for more events and a year-at-a-glance event chart.

Industry Slated seminar topics include the shift in payment types, new The Prepaid Press technologies, and the three things that can put you out of business and other aspects of risk management. An opening recep- Events The Prepaid Press Expo tion will convene the night of Oct. 14. The conference's second Highlights: The prepaid industry has grown in three distinct day will include an evening reception and an afterglow party. branches – calling cards, wireless, and alternative payments, The forum also promises a few "new twists … you won't want including gift cards. These three sectors converge at the retail to miss." level but are still approached as different industries. The Prepaid Press Expo focuses on this convergence. When: Oct. 12 – 14, 2009 Where: The New York Mariott Marquis, New York The conference will address the latest technology developments Registration: www.electran.org/content/category/6/75/123 in all three sectors, the effect of today's economy, prepaid virtual operators, industry regulation and the emerging market of Trade near field communication payments. Western States Acquirers Association Western States Acquirers Association's 2009 Conference The event will also include an exhibit hall for companies mar- Associations keting prepaid services and a networking "toga" party at the Highlights: WSAA's sixth annual show will feature a keynote Garden of the Gods pool at Caesar's Palace. address by industry veteran Paul Martaus and Mark Dunn's Field Guide Seminar. Topics to be discussed at educational ses- When: Aug. 18 – 20, 2009 sions include Payment Card Industry Data Security Standard Where: Caesar's Palace, Las Vegas compliance, gateways and data security, and sales strategies. Registration: www.prepaidpressexpo.com/index.php An open forum will be paneled by high-level industry execu- Trade tives who will take questions from the audience and elaborate Western Payments Alliance on their successes despite the economic downturn. Associations Operations Conference In addition to the always popular exhibit hall, the WSAA Highlights: This event is designed specifically for individuals with will give away thousands of dollars in prizes to show automated clearing house (ACH) responsibilities who are look- attendees. Sponsorship opportunities are still available; ing to take their ACH payments expertise to the next level. please contact Xavier Ayala at 707-269-3222 or via e-mail at [email protected]. Through a combination of keynote addresses, general session panels and numerous concurrent sessions led by payments When: Oct. 14 – 15, 2009 industry leaders, attendees will learn about the latest oper- Where: Sheraton Park Hotel at Anaheim Resort, Anaheim, Calif. ational issues facing the ACH in light of changing ACH Registration: www.westernstatesacquirers.com Operating Rules, compliance requirements and evolving risk issues. Industry EPCOR The conference will include lectures, product showcases, a cer- Events Payments Summit 2009 emonial luncheon and workshops – including an ACH basics workshop and an Accredited ACH Professional (AAP) prepara- Highlights: This annual event includes one full day and one half tion workshop for individuals interested in taking the AAP exam day of informative general and breakout sessions. There will in 2010. be a networking reception at the Ohio Theater, plus continental breakfast, lunch and coffee breaks each day. When: Sept. 9 – 10, 2009 Where: Harrah's Hotel and Casino, Las Vegas Topics addressed will include check acceptance technology Registration: www.wespay.org/Content/docs/pdf/education/ covering Check 21, ACH, remote deposit capture and image ops_con_reg_form.pdf exchange, current crises and changes ahead in the payments industry, managing end-user risks (fraudsters and hackers), Trade alternative payments, mobile payments and the industry's use Electronic Transactions Association of Web services like Facebook, Twitter and PayPal. There will Associations 2009 Strategic Leadership Forum be a networking reception and roundtables.

Highlights: This annual event will unfold in Times Square, at When: Oct. 22 – 23, 2009 the financial center of the world, and will include high-profile Where: Hyatt on Capitol Square, Columbus, Ohio speakers looking at what the payments industry will face in the Registration: www.associationdatabase.com/aws/pc/pt/sp/ years ahead. home_page 95

Calendar 96 ResourceGuide To add your company to our expanding listing, call 866-429-8080 today.

ACH - CHECK 21 ATM / SCRIP ISOs LOOKING FOR AGENTS

ACH -CHECK 21 BOC

AGE / ID & OFAC VERIFICATION ID Chex (800) 875-6680 www.IDCheX.net ACH - PROCESSING SERVICES

The Resource Guide is paid classiﬁ ed advertising. The Green Sheet, Inc. is not responsible for and does not recommend or endorse any product or service. Advertisers and advertising agencies agree to indemnify and hold the publisher harmless from any claims, damage, or expense resulting from printing or publishing of any advertisement.

ResourceGuide

BANKS LOOKING Proven Funding Recruit (877) 744-8331 FOR ISOs / MSPs www.provenfundingrecruit.com CHECK COLLECTIONS CybrCollect, Inc (888) 340-9205 www.getmychecks.com CHECK GUARANTEE / VERIFICATION CrossCheck, Inc. (800) 654-2365 EZCheck Data Capture Systems Inc. (800) 797-5302 (800) 888-1431 www.ezchk.com www.msi-sd.com Global eTelecom, Inc. (GETI) NationalLink (877) 454-3835 (800) 363-9835 www.checktraining.com www.nationallink.com Global Payments Inc. United Cash Solutions (800) 801-9552 (800) 698-0026 x1430 www.globalpaymentsinc.com BANKS LOOKING Secur-Chex America's BankCard Alliance, LLC. (866) 464-3277 FOR AGENTS (800) 757-1538 www.aballc.com CONSULTING AND Group ISO, Inc. ADVISORY SERVICES (800) 960-0135 Adam Atlas Attorney at Law www.groupiso.com (514) 842-0886 CASH ADVANCE First Annapolis Consulting (410) 855-8500 LOOKING FOR AGENTS www.firstannapolis.com (877) 635-3570 EQUIPMENT ______www.hbms.com Up to 75% Residual $5K Signing Incentive Direct Bank Relationship ISO Sponsorship Available Up to $200 Account Conversion Bonus

Comerica Merchant Services (800) 790-2670 Group ISO, Inc. (800) 960-0135 www.groupiso.com Redwood Merchant Services Division of Westamerica Bank (707) 569-1127 www.redwoodmercantservice.com

100

ResourceGuide

ATT Services FREE ELECTRONIC National Transaction Corp. (714) 999-9566 (888) 996-2273 www.attpos.net CHECK RECOVERY www.nationaltransaction.com ACCESS CHEX BANCNET ISO/POS DEALER (713) 629-0906 (866) 746-CHEX www.banc.net www.accesschex.com LOOKING FOR AGENTS Bartlett Info Tech Services, LLC GIFT / LOYALTY CARD PROGRAMS MSI, Merchant Services Inc. (901) 384-6151 (800) 522-3661 www.bits-pos.com www.1800bankcard.com Budget Terminals and Repair ISO RELATIONSHIPS AVAILABLE (985) 649-2910 General Credit Forms, Inc. (800) 325-1158 www.gcfinc.com Ingenico (800) 252-1140 www.ingenico-us.com JRs POS Depot (877) 999-7374 www.jrsposdepot.com Paper Rolls Chicago (877) 298-6939 www.paperrollschicago.com

Electronic Payments (EPI) (800) 966-5520 x221 www.epigiftcards.com FLEXGIFT/UMSI (800) 260-3388 The Phoenix Group (866) 559-7627 (800) 882-1352 www.cocard.net

• BEST RESIDUAL STREAM IN THE BIZ • MULTIPLE PROCESSING PLATFORMS • PRE-NEGOTIATED BUYING POWER HIGH RISK • NEXT DAY FUNDING AVAILABLE • UNIQUE EXIT STRATEGY

VeriFone (800) VERIFONE FINANCING FOR ISOS Super G Funding (800) 631-2423 www.supergfunding.com AVP Solutions (800) 719-9198 www.avpsolutions.com International Merchant Solutions (800) 313-2265 x104 www.officialims.com

102

ResourceGuide

AmericaOne LLC ISOs / BANKS PURCHASING ISOs / PROCESSORS SEEKING (888) 502-6374 MERCHANT PORTFOLIOS SALES EMPLOYEES Elavon (678) 731-5000 www.elavon.com Electronic Payments (EPI) (800) 966-5520 x223 www.epiprogram.com EVO Merchant Services (800) CARDSWIPE x7800 First American Payment Sys. (866) GO4 FAPS www.first-american.net ISOs LOOKING FOR AGENTS Global Payments Inc. (800) 801-9552 www.globalpaymentsinc.com Group ISO, Inc. (800) 960-0135 www.groupiso.com.

AmericaOne LLC (888) 502-6374 Community Bankers Merchant Services, Inc (866) 333-9331 x201 www.merchantprocessing.com Merchant Rewards Network (MRN) (800) 366-1388 x210 Elavon www.partner-america.com (800) 819-6019 x6 www.elavon.com MSI, Merchant Services Inc. (800) 537-8741 Global Electronic Technology, Inc (GET) www.1800bankcard.com (877) GET 4ISO www.gettrx.com North American Bancard (800) BANCARD x1001 Global Payments (800) 801-9552 www.globalpaymentsinc.com Merchant Portfolios.Com (866) 448-1885 x308 www.MerchantPortfolios.com Merchant Rewards Network (MRN) (800) 366-1388 x210 www.partner-america.com North American Bancard United Bank Card (UBC) (800) BANCARD x1001 (800) 201-0461 Premier Processing Systems (800) 675-8564 www.ppsstl.com

104

ResourceGuide

Group ISO, Inc United Merchant Services, Inc. (800) 960-0135 (800) 260-3388 www.groupiso.com Impact Paysystems (866) 884-5544 x1555 Innovative Merchant Solutions (800) 397-0707

Xenex Merchant Services (888) 918-4409 x511 LEASING

Merchant Rewards Network (MRN) (800) 366-1388 x210 www.partner-america.com

AmericaOne LLC (888) 502-6374 Money Tree Direct Processing Inc. Merchant Services (877) 31-setup (317-3887) (800) 582-2502 x2 www.atmsale.net www.moneytreerewards.com

MSI, Merchant Services Inc. (800) 351-2591 www.1800bankcard.com North American Bancard (888) 229-5229 Electronic Payments (EPI) Pipeline Data Inc. (800) 996-5520 x223 (877) 754-0530 x16179 ABC Leasing www.epiprogram.com www.pipelinedata.com (877) 222-9929 American P.O.S. Leasing Corp. EVO Merchant Services (800) 349-6516 (800) CARDSWIPE x7800 www.poslease.com First American Payment Sys. Azura Leasing (866) GO4 FAPS (888) 424-7142 www.first-american.net www.azuraleasing.com Frontline Processing Corp. First Data Global Leasing (406) 585-7443 (800) 897-7850 www.frontlineprocessing.com LADCO Leasing Global Electronic Technology, Inc (GET) United Bank Card (800) 678-8666 (877) GET 4ISO (800) 201-0461 x136 www.ladco.com www.gettrx.com

106

ResourceGuide

Lease Finance Group LLC PAYMENT GATEWAY ProCharge (888) 625-8867 (800) 966-5520 x221 www.lfgleasing.com USA ePay LogicaLease (866) 490-0042 (888) 206-4935 www.usaepay.com www.logicalease.com PAYMENT GATEWAY / Merimac Capital (866) 464-3277 SERVERS / ISPs Northern Leasing Systems, Inc. Network Merchants, Inc. (NMI) (800) 683-5433 (800) 617-4850 www.northernleasing.com www.nmi.com MULTI - CURRENCY PROCESSING PCI DSS COMPLIANCE

OFFSHORE BANKS LOOKING POS CHECK CONVERSION FOR ISOs APRIVA CrossCheck, Inc. (480) 421-1210 (800) 654-2365 www.apriva.com EZCheck (800) 797-5302 www.ezchk.com Global eTelecom, Inc. (GETI) (877) 454-3835 www.checktraining.com Secur-Chex (866) 464-3277 Global Payments (800) 801-9552 www.globalpaymentsinc.com

108

ResourceGuide

POS CREDIT CARD PRIVATE PARTIES PRN, Inc. (800) 676-1422 EQUIPMENT REPAIR PURCHASING PORTFOLIOS www.prn-inc.com GBM Tranactions, LLC (817) 307-8291 Spectrum Field Services www.gbmtransactions.com (800) 700-1701 x286 www.spectrumfsi.com PROCESSORS TRAINING LOOKING FOR ISOs Bankcard Boot Camp Elavon (866) 276-6683 (678) 731-5000 www.bankcardbootcamp.com www.elavon.com WEBSITE DESIGNS / SEO First National Merchant Solutions (800) 354-3988 www.fnms.com Humboldt Merchant Services (877) 635-3570 www.hbms.com

ATT Services (714) 999-9566 www.attpos.net

TSYS Acquiring Solutions (480) 333-7799 WIRELESS RETAIL / POS SUPPLIES www.tsysacquiring.com KEYED PROCESSING General Credit Forms, Inc. SITE SURVEYS (800) 325-1158 USAePay www.gcfinc.com (866) 490-0042 www.usaepay.com

110 AdvertiserIndex

1st American Leasing ...... 36 Merchant Management Systems, Inc...... 103 Alpha Card Services Inc...... 15, 62 Merchant Rewards Network ...... 73 Apriva ...... 22 Merchant Services Inc...... 61 Azura Leasing ...... 48 Merchant Warehouse ...... 21 Bank Card Depot ...... 58 Merchants' Choice Payment Solutions ...... 13 Blue Bamboo/Virtual Payment Solutions ...... 30 MLS Direct Network...... 105 CarpéCharge ...... 51 Money Tree Merchant Services ...... 69 CoCard Marketing Group ...... 11 National Transaction ...... 70 Credomatic ...... 101 Network Merchants Inc...... 31 CrossCheck Inc...... 33 North American Bancard ...... 2, 6, 7 Cynergy Data ...... 107 NPC ...... 9 Déjavoo Systems...... 85 Payments Gateway...... 88 Electronic Merchant Systems ...... 83 Pivotal Payments ...... 25 Electronic Payments Inc...... 111 POS Portal Inc...... 77 eProcessing Network LLC ...... 24 Reliable Payment Solutions ...... 97 Equity Commerce ...... 71 Reliant Processing Services ...... 99 EVO Merchant Services ...... 45 Sonoma Technical Support Services ...... 53 EZCheck ...... 32 SparkBase ...... 20 First American Payment Systems ...... 75 Stream Cash LLC ...... 63 First Data ...... 29 Super G Funding ...... 18 Global Check Service...... 46 Teledraft...... 60 Global eTelecom Inc...... 84 The Phoenix Group ...... 27 Global Payment Solutions, Inc...... 90 Total Merchant Services ...... 56, 57 Greystone Business Resources ...... 82 TransFirst...... 19 Humboldt Merchant Services ...... 38 TriSource Solutions LLC ...... 49 Hypercom...... 112 TSYS Acquiring Solutions ...... 10 Impact MD ...... 91 United Bank Card Inc...... 65, 66, 67 Ingenico ...... 23 United Merchant Services ...... 35 iPayment Inc...... 17 USAePay ...... 12 ITI Internet Services, Inc...... 79 VeriFone...... 93 JRs POS Depot ...... 28 Virtual Payment Solutions/Blue Bamboo ...... 76